Re: capabilities patch (v 0.1)

From: David Wagner
Date: Tue Aug 09 2005 - 19:54:23 EST

Next message: Patrick McHardy: "Re: [PATCH] net/ipv4 debug cleanup, kernel 2.6.13-rc5"
Previous message: Con Kolivas: "[ANNOUNCE] Interbench v0.29 - Interactivity benchmark"
In reply to: David Madore: "Re: capabilities patch (v 0.1)"
Next in thread: Chris Wright: "Re: capabilities patch (v 0.1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Madore wrote:
>I intend to add a couple of capabilities which are normally available
>to all user processes, including capability to exec(), [...]

Once you have a mechanism that lets you prevent the untrusted program
from exec-ing a setuid/setgid program (such as your bounding set idea),
I don't see any added value in preventing the program from calling exec().

"Don't forbid what you can't prevent". The program can always emulate
the effect of exec() in userspace (for non-setuid/setgid programs) --
doing so is tedious, but nothing prevents a malicious userspace program
from implementing such a thing, I think.

This is only a comment on forbidding exec(), not on anything else in
your proposal.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Patrick McHardy: "Re: [PATCH] net/ipv4 debug cleanup, kernel 2.6.13-rc5"
Previous message: Con Kolivas: "[ANNOUNCE] Interbench v0.29 - Interactivity benchmark"
In reply to: David Madore: "Re: capabilities patch (v 0.1)"
Next in thread: Chris Wright: "Re: capabilities patch (v 0.1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]