Re: [PATCH]: alternative security - special gids

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Sun, 30 May 1999 17:01:17 +0100 (GMT)


On Sun, 30 May 1999, Augusto Cesar wrote:

> > This isn't needed. In kernel 2.2, we already have this functionality via
> > capabilities. A program which only needs to bind to a low port socket,
> > simply drops all its privs apart from "bind to low socket". It can do this
> > as one of its first lines of code.
> >
>
> Ow, this is a unknow feature for me, thanks for teching-me, do you know
> any source that uses this capabilities, I want to take a look.

There is a library to use these things, on ftp.kernel.org somewhere, try
/pub/linux/libs/security/linux-privs/kernel-2.2

Programs which make use of this new library are few and far between,
though :-(

I expect widespread use of capabilities to start once the filesystem
support is merged with 2.3 kernel. The filesystem support allows you to
tag binaries with the exact privilege they need, rather than the rather
coarse grained "suid root".

Chris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/