On Tue, 13 Apr 1999, Horst von Brand wrote:
> Richard Gooch <rgooch@atnf.csiro.au>
>
> [...]
>
> > If you really want to completely remove UID=0 tests from the kernel,
> > then we have to put caps into the FS as metadata, because using the
> > sticky bit on ordinary user files is too insecure. At the moment the
> > debate is about ELF cap headers and whether to use suid-root or the
> > sticky bit as the magic flag. In that debate, I think suid-root wins
> > by default.
>
> Bingo!
I'm curious, Dr. von Brand; have you considered stickybit + immutable? (as
explained in my recent treatise to Richard ;-) It solves a lot of
problems and gives us:
- a MUCH truer implementation of capabilities
- as much compatibility as possible while still being a capabilities-based
system
Also, my guess is that you are actually saying 'capabilities should be
stored as metadata in the fs'.
> --
> Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl
> Departamento de Informatica Fono: +56 32 654431
> Universidad Tecnica Federico Santa Maria +56 32 654239
> Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
- --
David L. Parsley
Network Specialist
City of Salem Schools
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/