Re: [PATCH] capabilites, take 2

From: Valdis . Kletnieks
Date: Thu May 13 2004 - 20:37:39 EST

Next message: Nathan Scott: "Re: Crashes possibly related to XFS fs."
Previous message: Andy Lutomirski: "Re: 2.6.6-mm2 (oops on keyboard/mouse USB hub unplug)"
In reply to: Chris Wright: "Re: [PATCH] capabilites, take 2"
Next in thread: Chris Wright: "Re: [PATCH] capabilites, take 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 13 May 2004 18:20:10 PDT, Chris Wright said:

> I think it still needs more work. Default behavoiur is changed, like
> Inheritble is full rather than clear, setpcap is enabled, etc. Also,
> why do you change from Posix the way exec() updates capabilities? Sure,
> there is no filesystem bits present, so this changes the calculation,
> but I'm not convinced it's as secure this way. At least with newcaps=0.

The last time the "capabilities" thread reared its head a while ago, Andy made
a posting that pretty conclusively showed that the Posix way was totally b0rken
if you ever intended to support filesystem bits. So if you wanted to ever have
a snowball's chance of supporting something like:

chcap cap_net_raw+ep /bin/ping

so you could get rid of the set-UID bit on 'ping', you had to toss the Posix
propogation rules out the window. So we need to do either:

1) Toss the Posix out the window
2) Toss all the filesystems capabilities support out the window.

(I'm assuming that a suggestion that we make the choice a Kconfig option will
be met with the sound of many kernel hackers either retching in disgust or
screaming in horror ;)

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Nathan Scott: "Re: Crashes possibly related to XFS fs."
Previous message: Andy Lutomirski: "Re: 2.6.6-mm2 (oops on keyboard/mouse USB hub unplug)"
In reply to: Chris Wright: "Re: [PATCH] capabilites, take 2"
Next in thread: Chris Wright: "Re: [PATCH] capabilites, take 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]