Re: [PATCH] Capabilities, this time in elf section

Robert Minichino (linuxkrn@pasture.net)
Sun, 11 Apr 1999 14:13:52 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Pavel Machek: "Re: caps in elf, next itteration (the hack get's bigger)"

On Sun, 11 Apr 1999, Gregory Maxwell wrote:
> On Sun, 11 Apr 1999, Horst von Brand wrote:
>
> > Or get somebody capable running it. I.e, suspect that people are liable to
> > type "sl" for "ls", and hide an "sl" binary with all caps somewhere.
>
> Only trusted people should be able to write to trusted bin dirs. People
> shouldn't have ./ or other unrested directories in their path unless they
> want someone to take over their caps/account.
>
> How about an extension to ext2 to allow GPG sigs on files, and a kernel
> module that only allows files to be executed if they are signed by a
> trusted key. :)

I've implemented this in another operating system before. Permissions are
handled by a security manager daemon which holds the various keys that the
machine trusts and what they are trusted with. Executables are signed by
one or more keys, and the executable contains the permission information.
When a program needs to be executed, the security manager is consulted,
and permission mask of the executable is essentially ANDed with the
permission mask of that particular key, granting access. Allows copying
privledged executables freely by any user, to any machine, as well as
executing over NFS. You could also then force all executables to be
signed, as well.

I wonder if this can be implemented elegantly under Linux?

-- Robert Minichino Denarius Enterprises, Inc. http://www.denarius.com/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Previous message: Pavel Machek: "Re: caps in elf, next itteration (the hack get's bigger)"