> So this would be a very simple model where you just have a setuid root
> program, and it could simply drop some or all of its
> privileges/capabilities at any point in its execution --- perhaps at the
> beginning, perhaps later on in the execution of the program, etc. It's
> more flexible and simpler than the setuid-root-and-use-ELF approach.
Reading elf sections is trivial (take a look :-). Advantage of reading
elf sections is that you can ask "what capabilities does program XYZ
use?". I think that is pretty essential (along with ability to say:
"force program XYZ to use capability CAP_NET_RAW only).
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/