- To set the cap flag, a user (process) needs CAP_SETFCAP raised, and the
kernel (besides the normal fs checks) validates the cap headers as well
for legality. (this also applies to creating files with this flag raised;
i.e., through a copy operation)
- While the cap flag is set, the file is immutable, so the file owner
can't edit the file directly to raise caps.
- A file that is both setuid root and capability enabled has only those
capabilities granted in conjuction w/ the headers; if it's only setuid
root, the kernel can (as a configurable option?) treat it as before and
raise all caps.
This can bring us _really_ close to true capabilities support,
while avoiding the ugly hack of also storing uid + suid bit in the elf
headers.
thoughts?
- --
David L. Parsley
Network Specialist
City of Salem Schools
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/