>> In traditional unix, every utility has inheritable set set to FULL by
>> default. I do not think it is good idea to change that.
Look at the calculation: new_pP = fP | (fI & old_pI)
You can emulate an old-style UNIX two ways.
Option X: fI is assumed empty and pI is assumed full
Option Y: pI is assumed empty and fI is assumed full
Linux currently does option X. This is stupid though, because it
makes no distinction between fI and fP. When option X is used,
the equation reduces to this: new_pP = fP | fI
>> I have to disagree; making inheritible set to be NULL by default, and
>> only allowing someone with privileges to set the inheritable set is
>> extremely important.
Yes, and you can have a highly-secure option too.
Option Z: both pI and fI are assumed empty
> zero. I _still_ do not see why setting inheritable set should be
> privileged operation. Secure programs should not execute external
Consider what happens with option Y, where we assume that an unmarked
executable has a full fI. The ability to add bits to pI is dangerous.
The bits in pI are what give an admin power.
You also destroy option Z, the highly secure system.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/