Re: capabilities in elf headers: next (final?) itteration

Richard B. Johnson (parse@salem.k12.va.us)
Fri, 9 Apr 1999 14:36:42 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeremy Fitzhardinge: "RE: [PATCH] Capabilities, this time in elf section"
Previous message: Richard B. Johnson: "Re: Kernel Stack"

Hi Jonathan,
Well, sure, 'login' would have to check somewhere to determine
what caps a user should have. Most probably it would be better to add
this to the /etc/shadow file in the reserved field, then patch 'login' to
use that. (this is an off the cuff suggestion, the glibc ppl may have a
better idea on this ;-) And yes, _some_ user would need all caps set, or
at least the cap to set/modify 'setuid root' files (the equiv. of
'CAP_GOD' or whatever) otherwise it would be difficult to admin the box. I
guess 'getty' could also be modified to lower caps on all remote logins,
as well, regardless of (or in concert with) /etc/securetty.

On Fri, 9 Apr 1999, Jonathan Walther wrote:

>
> Sounds cool, but how do you plan to let other users have "raised caps"?
> Maybe there should be a capabilities section in /etc/password that shows a
> users capabilities? And root of couse gets his all turned on... or
> something like that.
>
> Jonathan
>
> On Fri, 9 Apr 1999 parse@salem.k12.va.us wrote:
>
> > Hi all,
> > I think I've got the 'Right Solution' (tm) to putting caps in elf
> > headers in the most appropriate way (i.e., the UNIX way):
[snip]

- --
David L. Parsley
Network Specialist
City of Salem Schools

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeremy Fitzhardinge: "RE: [PATCH] Capabilities, this time in elf section"
Previous message: Richard B. Johnson: "Re: Kernel Stack"