Re: caps in elf, next iteration (the hack gets bigger)

David L. Parsley (kparse@salem.k12.va.us)
Sat, 10 Apr 1999 23:58:54 -0400 (EDT)


On Sat, 10 Apr 1999, Horst von Brand wrote:

> "David L. Parsley (lkml account)" <kparse@salem.k12.va.us> said:
> > OK, I think I know a good way to improve 3 aspects of my previous
> > solution:
>
> [...]
>
> > 1) 'setuid 0' is _just_ a filesystem flag that alerts the kernel to a
> > program that has capabilities + uid + gid in the elf headers. (putting
> > uid & gid in the headers was Albert's idea, and now seems to me a must)
>
> Current tools won't recognize a file belonging to jschmoe as hers, quotas
> will go haywire too.

Geez, the idea for this hack looked so good, but it just gets deeper and
deeper... but you are correct; storing uid+suid bit in the headers is
bad; which is why I now say let's use the sticky bit. (please see my post
on that subject) I found no reference to the sticky bit being used in any
way on _files_ under Linux (though directories certainly). This is as
good a use for it as any, but I'm still thinking on it and waiting for
feedback on the idea. Nicely, if done this way, 'setuid 0' in the fs can
have no more significance than 'setuid 123'; which is kinda the point of
capabilities... (for compatibility, we may want a config option for the
kernel to treat setuid 0 as before)

my stupidity here:
> > - if calling process has elevated caps, kernel applies the permittable and
> > inheritable cap flags from the binary (which can only be modified by the
> > owner in any event)

heh, I should have gone back and read the privs docs again earlier; I
think now that a file should either be capabilities enabled or not. If
the cap flag (now the sticky bit) isn't set, all capelf headers are
ignored... (I really should update my spec soon)

> Any ACL system is inherently distinctly un-Unix-ish, IMHO. Better bite that
> bullet once now and get it over with.

Well, there's an unavoidable breakage when you move to strict
capabilities; 'setuid 0' no longer automatically grants all caps... so
yes, there's a certain bullet to bite here.

> --
> Horst von Brand vonbrand@sleipnir.valparaiso.cl
> Casilla 9G, Viña del Mar, Chile +56 32 672616
>

--
David L. Parsley
Network Specialist
City of Salem Schools
