Re: [PATCH] Capabilities, this time in elf section

David L. Parsley (kparse@salem.k12.va.us)
Wed, 14 Apr 1999 23:18:40 -0400 (EDT)


Hello,

On Mon, 12 Apr 1999, Horst von Brand wrote:

> Richard Gooch <rgooch@atnf.csiro.au> said:
[snip]
> > tar, cp, cpio, gzip, bzip2, NFS, CODA, rdist and many more, I'm
> > sure. I've got a backup programme written in C which would lose
> > capability information unless I went in and added a Linux-specific hack
> > to it. I'm sure there are dozens or hundreds of similar "personal"
> > programmes out there that will break.
>
> But all of those are currently very well aware of S[UG]ID, if it really
> matters...

Well, the stickybit/immutable solution has been modified so that it can
be compatible with local fs tools, but is still not completely secure with
remote fs's. Still, nfs at least should understand the sticky bit, and if
you can trust the security of the sticky bit on the remote system, it _is_
possible to use caps with a mount option.

I hope you're both following my thread with Pavel Machek, where I have
shown showstopper problems with the setuid0 scheme. It just doesn't
implement capabilities, but rather mutates them badly in order to work
with the setuid0 scheme.

> --
> Horst von Brand vonbrand@sleipnir.valparaiso.cl
> Casilla 9G, Viña del Mar, Chile +56 32 672616
>

cheers,
David

--
David L. Parsley
Network Specialist
City of Salem Schools
