Re: capabilities in elf headers, (my) final (and shortest) iteration

David L. Parsley (kparse@salem.k12.va.us)
Wed, 21 Apr 1999 06:58:13 -0400 (EDT)


Hi Horst,

On Tue, 20 Apr 1999, Horst von Brand wrote:

> "David L. Parsley (lkml account)" <kparse@salem.k12.va.us> said:
> > On Sun, 18 Apr 1999, Pavel Machek wrote:
> > > No it is not. You can still make interpretter suid root, and
> > > interpretter will have to look if script is marked, and in such case
> > > interpretter will have to interpret 'capability headers' in the
> > > script. (You can use your #! idea if you want.) But suid interpretter
> > > will be the one who parses capabilities.
>
> > Yes, you are correct; the interpreter should just get a (mostly) full cap
> > set and parse the caps itself. Mine was a hairbrained idea, but at least
> > it generated a better one. ;-)
>
> It _is_ harebrained: You want to make the system secure by auditing each
> capable piece of software (at least those with dangerous capabilities,
> however defined), and for stuff like the Perl interpreter this is hopeless,
> or at least makes the whole exercise pointless.
>
> And again, what is going to stop me from faking capabilities in the script
> when I write it?

You can put whatever caps in the script you like; it's the sysadmin who
sets the cap-enable bit who's responsible for being sure they're sane.
Otherwise they're ignored. No problem.

cheers,
David

- --
David L. Parsley
Network Specialist
City of Salem Schools

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/