Jonathan Corbet <corbet-lk@eklektix.com> wrote:
> Just for the sake of discussion, I would like to toss out this idea one
> more time. VMS handled the association of privileges (i.e. "capabilities")
> via a central database. For any executable to run with privilege, it had
> to be "installed" as a "known image," with the privileges spelled out.
> Executables so installed were protected from modification thereafter.
Oooohhhh... Nice concept... So, if it were to implemented on
Linux would we have to bind to dentries pre-init, then?
Or do we bind to inodes post-init?
Also, how would we handle overmount conditions, such as:
# mount /dev/sda3 /usr
# ls -l /usr/sbin/secureapp
-r-xr-xr-x ... 678585 secureapp
# capmap /usr/sbin/secureapp 0x4834F8483
# mount /dev/sda4 /usr/sbin
# ls -l /usr/sbin/secureapp
-r-xr-xr-x ... 998721 secureapp
Is secureapp on /dev/sda3 the one we execute? Does secureapp on
/dev/sda4 have the capability mask we gave to old one? Neither?
-- Jason McMullan, Senior Linux Consultant, Linuxcare, Inc. 412.422.8077 tel, 415.701.0792 fax jmcmullan@linuxcare.com, http://www.linuxcare.com/ Linuxcare. Support for the revolution.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:13 EST