Re: inheritable set [was Re: caps in elf headers: use the sticky bit!]
Brandon S. Allbery KF8NH (allbery@kf8nh.apk.net)
Sat, 17 Apr 1999 21:04:39 -0400
In message <Pine.GSO.4.10.9904172025150.21850-100000@weyl.math.psu.edu>, Alexan
der Viro writes:
+-----
| > Capabilities defined that loosely aren't particularly useful. A better
| > real-world example of a capability useful for mail programs would be: the
| > ability to create and remove files owned by the process's uid in certain
| > directories.
|
| You don't need *anything* special for that. You don't need
| capabilities - file descriptor of the directory will work just fine. Let
| the daemon pass it to applications via SCM_RIGHTS (after proper
| authentication, indeed) and call fchdir() in the application. Make the
| directory inaccessible to anybody except the daemon (no exec for group
| and world on parent) and there you go. You'll need to protect the thing
| from reaching it via /proc/* - not a big deal.
+--->8
...and a major rewrite of existing mailers to work with this. Capabilities
make for a much smaller rewrite (remove uid management, as it's no longer
needed).
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering KF8NH
We are Linux. Resistance is an indication that you missed the point.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/