Re: caps in elf, next itteration (the hack get's bigger)

Andrej Presern (andrejp@luz.fe.uni-lj.si)
Tue, 13 Apr 1999 17:49:24 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephen C. Tweedie: "Re: looking for info on kernel_thread"
Previous message: Christian Reiniger: "Re: PROBLEM: MO mounting not working w/ 2.2.3+"
Maybe in reply to: David L. Parsley: "caps in elf, next itteration (the hack get's bigger)"

On Mon, 12 Apr 1999, David L. Parsley (lkml account) wrote:
>> who says the [root owned] +s, capability-enabled binaries need to be +x ?
> ^^^^^^^^^^^^
>IMHO, that's the problem right there. In a true capabilities-based
>system,

You keep mentioning a 'true capabilities-based system' when you're realy
discussing a mutilated capability LIST design. Please don't confuse the two,
obviously different, concepts.

As for the 'topic', your fundamental problems lie not in the dillema of using
sticky and suid bits. Your fundamental problems lie in the inadequacy of the
POSIX privileges concept to provide a competent security mechanism and in the
nature of existing subsystems and mechanisms which were not designed with
security in mind but actively participate in the security subsystem - both of
which manifest in the ad-hoc-ness of the proposed solution(s).

Andrej

-- Andrej Presern, andrejp@luz.fe.uni-lj.si

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen C. Tweedie: "Re: looking for info on kernel_thread"
Previous message: Christian Reiniger: "Re: PROBLEM: MO mounting not working w/ 2.2.3+"
Maybe in reply to: David L. Parsley: "caps in elf, next itteration (the hack get's bigger)"