Re: userspace capabilities [was Re: caps in elf headers: use the stickybit!]

Brandon S. Allbery KF8NH (allbery@kf8nh.apk.net)
Tue, 13 Apr 1999 21:06:58 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: thospel@mail.dma.be: "Re: ext3 to include capabilities?"
Previous message: root: "Errors Compiling 2.2.6-2"

In message <Pine.LNX.3.96L.990413122905.2467A-100000@manetheren.res.cmu.edu>, P
aul Cassella writes:
+-----
| One problem I see with this is that the fork()'d processes become children
| of the daemon, not of the calling process. This could be vaguely
| simulated, for most purposes of wait() and kill(), but it would be really
| hairy.
+--->8

I'd consider this a feature; I'd rather that elevated-caps programs not run
in an untrusted context. Moreover, you really don't want your elevated-caps
programs to be too big: they become unverifiable.

-- brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net system administrator [WAY too many hats] allbery@ece.cmu.edu carnegie mellon / electrical and computer engineering KF8NH We are Linux. Resistance is an indication that you missed the point.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: thospel@mail.dma.be: "Re: ext3 to include capabilities?"
Previous message: root: "Errors Compiling 2.2.6-2"