Re: caps in elf, next iteration (the hack gets bigger)

David L. Parsley (kparse@salem.k12.va.us)
Fri, 9 Apr 1999 19:10:05 -0400 (EDT)


On Fri, 9 Apr 1999, Jonathan Walther wrote:

>
> Please! How the HELL are you going to set the capabilities for shell
> scripts if they are dependent on elf format? Perl programs. How about
> older a.out binaries? We HAVE to have it in the filesystem. You are
> proposing something just plain broken.

Heh, you've gone a long way from 'this is cool!' to 'just plain broken'
;-) No matter: the answer to your question is you _don't_ under this
scheme. (well, there's some kind of perl setuid thing, but that's another
matter) This is for ELF executables only, which fortunately are the rule
rather than the exception. Scripts will have to wait for FS support, and
setuid scripts will break with all the standard tools + nfs. I did forget
to mention in my last post: if caps are present in the FS, ignore whatever
you find in the binary.

> Another thing: with capabilities set in the filesystem, you don't have to
> muck with the suid semantics. Don't mess with this! The meaning of
> suid is all settled, don't go yanking it out from under our feet!

The meaning of 'setuid 0' is outdated, this is a better way to use it.

> Jonathan Walther
> Digital Video Broadcasting Systems
> http://216.100.231.12

later.

--
David L. Parsley
Network Specialist
City of Salem Schools
