Re: disable-cap-mlock

From: Andrea Arcangeli
Date: Fri Apr 02 2004 - 17:58:17 EST

Next message: Patrick Mochel: "Re: [PATCH] Device suspend/resume fixes"
Previous message: Fabian Frederick: "elevators"
In reply to: Chris Wright: "Re: disable-cap-mlock"
Next in thread: Andrew Morton: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 02, 2004 at 02:36:39PM -0800, Chris Wright wrote:
> [..] I think basically
> nobody really uses capabilites except in either simple root drops a
> few privs ways (no exec), [..]

yep, at least sendmail does that (I remeber because there was a kernel
bug at some point not dropping those).

If I understand well, the basic problem is that there's no way to retain
a single capability forever through execve and everything else possible.
We'd need a way to tell the kernel a certain capability must never go
away no matter what syscall is being run. Of course one will need need a
special capability to use this functionality (CAP_ADMIN or similar) and
login/su will then be able to give IPC_CAP_LOCK to an user. I think
at some point there was something like this being discussed, when there
were still discussions about putting the capabilities into the fs (or
the elf header or whatever).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Patrick Mochel: "Re: [PATCH] Device suspend/resume fixes"
Previous message: Fabian Frederick: "elevators"
In reply to: Chris Wright: "Re: disable-cap-mlock"
Next in thread: Andrew Morton: "Re: disable-cap-mlock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]