My inclination is that if a script needs capabilities, you should use a
wrapper executable. I don't like setuid scripts, I don't like set-capability
scripts for the same reason.
OTOH, it occurs to me that both the question of scripts with capabilities and
the problem of capabilitied executables on pre-capabilities kernels could be
solved by placing capability information in a header at the start of the
file. This header would be a multiple of a page size. exec()ing such a file
would validate the capabilities header, grant/revoke capabilities as needed,
then skip the header and fall through to the normal exec() mechanism.
This also solves the issue of capabilities being tied to the ELF file format,
for the Stone Age folk who are still running PDP-11 format executables :-)
This means you can't (easily) edit the script after attaching
capabilities... but that is in fact the correct behavior, editing the script
*should* invalidate the capabilities and *shouldn't* be done unless there's a
really good reason.
(Note that I am *not* advocating this; please reread the first paragraph.
I'm tossing it out as an option, in case it's decided that we for some reason
really want to enable set-capability scripts.)
--brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net system administrator [WAY too many hats] allbery@ece.cmu.edu carnegie mellon / electrical and computer engineering KF8NH We are Linux. Resistance is an indication that you missed the point.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/