That's not the common case, though - the first things that get converted to
use capabilities will surely be the existing suid stuff, won't they?
Are you suggesting that the whole system should break when you reboot to an old
kernel?
What's wrong with sticking
if (geteuid() == 0 && getuid() != 0) exit(1);
in your new capability-aware utilities if it's so important to avoid suid
operation on old kernels?
A lot of people are going to want to remove the suid bit from existing
executables and add capabilities. If that then breaks when they reboot to an
old kernel, then we've done something blatantly wrong. Using the suid bit as a
marker to show the presence of a 'capability header' seems like an ideal
solution, because it provides backwards compatibility without any loss of
security in relation to the _existing_ situation. New capability-holding
utilities that were never suid and should never be suid can just include that
one-liner I gave above.
---- ---- ----
David Woodhouse David.Woodhouse@mvhi.com Office: (+44) 1223 810302
Project Leader, Process Information Systems Mobile: (+44) 976 658355
Axiom (Cambridge) Ltd., Swaffham Bulbeck, Cambridge, CB5 0NA, UK.
finger dwmw2@ferret.lmh.ox.ac.uk for PGP key.
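The one-liner from the post, placed where it would go in practice, as an added example rather than code from the original message: a capability-aware utility checks at startup whether it has gained an effective uid of 0 that it did not start with, which is what happens when an old kernel honours the suid-bit "marker" instead of the capability header. The decision is kept in a separate function so the policy can be exercised without actually changing uids; the installation layout and the utility itself are assumptions.

```c
/* Added example, not from the original post. Assumed scenario: this binary
 * is installed suid root only as a marker for a capability header. On a
 * capability-aware kernel it would run with just its capabilities; on an old
 * kernel it would come up setuid root, which it refuses. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Pure decision: did we gain root via the suid bit? True when the effective
 * uid is 0 but the real uid (the invoking user) is not. A real root user
 * running the tool has ruid == euid == 0 and is not affected. */
int gained_root_via_suid(uid_t ruid, uid_t euid)
{
    return euid == 0 && ruid != 0;
}

/* The check from the post, run before any privileged operation. */
void refuse_if_suid_root(void)
{
    if (gained_root_via_suid(getuid(), geteuid())) {
        fprintf(stderr, "refusing to run: started setuid root; this utility "
                        "expects a capability-aware kernel\n");
        exit(1);
    }
}

int main(void)
{
    refuse_if_suid_root();
    printf("ruid=%u euid=%u: not running suid-root, continuing\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```

The guard must be the first thing the program does, before it touches any file or socket, so that a binary accidentally left suid root on an old kernel exits without ever acting with root privilege.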
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/