Re: [PATCH]: alternative security - special gids

H. Peter Anvin (hpa@transmeta.com)
30 May 1999 11:11:19 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Evans: "Re: [PATCH]: alternative security - special gids"
Previous message: Thierry Danis: "2.2.9-ac1 dies during iozone"
Maybe in reply to: Augusto Cesar: "[PATCH]: alternative security - special gids"
Next in thread: David S. Miller: "Re: [PATCH]: alternative security - special gids"

Followup to: <Pine.LNX.4.10.9905281808140.1040-100000@localhost>
By author: Augusto Cesar <bishop@sekure.org>
In newsgroup: linux.dev.kernel
>
> This is a little more robust patch of the old idea of the special gids.
> This patch add a feature in socket layer that allows you to perform
> certain privileged operations without requiring root access.
>
> This is from idea: 'I don't like much suid root programs, they can be a
> security problem in the future'.
>
> Many many programs uses suid root only to access raw sockets or bind
> privileged ports, with this patch you can set 2 gids via sysctl with full
> access to raw sockets or privileged ports.
>

You want capabilities.

-hpa

-- "The user's computer downloads the ActiveX code and simulates a 'Blue Screen' crash, a generally benign event most users are familiar with and that would not necessarily arouse suspicions." -- Security exploit description on http://www.zks.net/p3/how.asp

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Evans: "Re: [PATCH]: alternative security - special gids"
Previous message: Thierry Danis: "2.2.9-ac1 dies during iozone"
Maybe in reply to: Augusto Cesar: "[PATCH]: alternative security - special gids"
Next in thread: David S. Miller: "Re: [PATCH]: alternative security - special gids"