Re: inheritable set [was Re: caps in elf headers: use the sticky

Y2K (y2k@y2ker.com)
Sun, 18 Apr 1999 21:30:24 -0700 (PDT)


On Sat, 17 Apr 1999, Albert D. Cahalan wrote:
> >> In traditional unix, every utility has inheritable set set to FULL by
> >> default. I do not think it is good idea to change that.
>
> Look at the calculation: new_pP = fP | (fI & old_pI)
Which I do not like. pP'= fP | (fI & pI) might be OK for properly marked
execs. Though as you already know I'd argue that it should have an extra
term. pP'= fP | (fI & pI & pP)
For nonprivledged marked then it should be pP' = (fI & pI & pP).
> You can emulate an old-style UNIX two ways.
> Option X: fI is assumed empty and pI is assumed full
> Option Y: pI is assumed empty and fI is assumed full
> Linux currently does option X. This is stupid though, because it
> makes no distinction between fI and fP. When option X is used,
> the equation reduces to this: new_pP = fP | fI
fI should be assumed to be pP and it should use the more restrictive
formula which would in this case reduce to pP' = pI & pP.
I think as a default that is quite reasonible.
>
> >> I have to disagree; making inheritible set to be NULL by default, and
> >> only allowing someone with privileges to set the inheritable set is
> >> extremely important.
>
> Yes, and you can have a highly-secure option too.
> Consider what happens with option Y, where we assume that an unmarked
> executable has a full fI. The ability to add bits to pI is dangerous.
> The bits in pI are what give an admin power.
You are only allowed to add flags to pI that you have in pP according to
the now defunct posix standard.
I think the problem why you can't be more unixy is the formula.
pI and fI should not give your children more power than what you already
have in pP IMHO-- use fP to gain power(which should be privledged).
Using fI as a quasi-setcap just feels ugly.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/