Re: capabilities in elf headers, (my) final (and shortest) iteration

Horst von Brand (vonbrand@sleipnir.valparaiso.cl)
Sun, 11 Apr 1999 22:19:07 -0400


Riley Williams <rhw@BigFoot.Com> said:

[Scheme for munging capabilities]

> Whilst that appears to be a difficult scenario to follow, it is most
> definitely a valid one to watch for, and I would suggest the following
> addition to your proposal to help deal with it.
>
> 4) Include in the capabilities header a field holding the timestamp
> of the last capabilities validation.

Against what? I might very legitimately hold a binary with all caps, and in
the above scenario I could doctor your header to my entire satisfaction
anyway. You'd need some central repository of legitimate capabilities...
and then the capabilities-in-(header|filesystem) are pointless.

> 6) In addition, modify point 1 to also set the validation timestamp
> to the current kernel boot timestamp if it successfully set the cap
> flag.

OK, so capabilities are useful only between reboots now, and have to be set
again each time?

Please, let's concentrate on where we are going. If your system can be
rebooted into an older kernel that doesn't know of capabilities, you are
almost sure to get screwed anyway.

-- 
Horst von Brand                             vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Viña del Mar, Chile                               +56 32 672616
