No, there is still a root in a capabilities system. There is no reason
there shouldn't be. There will always have to be one account with the
power to grant capabilities. That account may as well be the
traditional root.
Having a capabilities-enabled system simply does not imply that the
root account changes. I wish people would stop making this false
connection.
> - The idea of keeping capabilities in the file itself invites capability
> smuggling, better if programs that don't know about capabilities can't
> handle them at all: No dumb tar(1), no hexeditor, no cp(1), ...
Wrong. There will be no smuggling, because lusers can't create of
modify binaries which grant capabilities, just like now you can't
create or modify a suid-root programme.
Supporting tar, cp, NFS, cpio, CODA and various backup programmes is
*good*, it's not "smuggling". I *WANT* to export an NFS filesystem
from a non Linux-2.2 box and have capabilities just work.
> - This is a ELF-only kludge. What about a Web server written in
> Perl? CGIs written in Java that need extra privileges?
Wrapper binaries. It's the only safe and sensible way to do it
anyway. That way you can sanitise the command-line and
environment. FYI: have you ever noticed sperl? It's the Perl
interpreter with suid-root. That's how you get so-called suid Perl
scripts (which they're not, really, but sperl makes it look that
way). We *don't* support suid scripts anyway. Again, this is a
non-issue.
Regards,
Richard....
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/