Re: capabilities in elf headers, (my) final (and shortest) iteration

Horst von Brand (vonbrand@inf.utfsm.cl)
Tue, 20 Apr 1999 12:03:42 -0400


"David L. Parsley (lkml account)" <kparse@salem.k12.va.us> said:
> On Sun, 18 Apr 1999, Pavel Machek wrote:
> > No it is not. You can still make interpretter suid root, and
> > interpretter will have to look if script is marked, and in such case
> > interpretter will have to interpret 'capability headers' in the
> > script. (You can use your #! idea if you want.) But suid interpretter
> > will be the one who parses capabilities.

> Yes, you are correct; the interpreter should just get a (mostly) full cap
> set and parse the caps itself. Mine was a hairbrained idea, but at least
> it generated a better one. ;-)

It _is_ harebrained: You want to make the system secure by auditing each
capable piece of software (at least those with dangerous capabilities,
however defined), and for stuff like the Perl interpreter this is hopeless,
or at least makes the whole exercise pointless.

And again, what is going to stop me from faking capabilities in the script
when I write it?

-- 
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/