Re: capabilities in elf headers, (my) final (and shortest) iteration

Pavel Machek (pavel@bug.ucw.cz)
Sun, 18 Apr 1999 21:19:31 +0200


Hi!

> I was thinking of this; someone mentioned a 'Perl Webserver'. I figured,
> the kernel already parses the first line to get the interpreter; why
> couldn't it parse the next three #! lines as well, and read in hex
> encoded

Wrong. Kernel ignores suid bit on scripts. There's no reason it should
honour capability headers.

[Take a look at way how scripts are executed. When script
'script.xyzzy' beggining with

#!/foo/bar

is executed, kernel executes /foo/bar script.xyzzy. There's a race
here - user can easily delete and replace script.xyzzy in between.]

> capabilities? (this only if the capability flag is set) The only sensible
> thing to do, then, would be to run the interpreter with that set and
> ignore the interpreter's set. (possibly an intelligent combination of the
> two, but I doubt this is a good idea)
>
> > The best I've seen so far is for any script to require the
> > capabilities of whichever interpreter it uses, in which case a capable
> > script would use a different version of the interpreter that included
> > the capabilities the script needed, and to my way of thinking, such a
> > scheme is open to abuse...
>
> Yes, with setuid you only needed one extra flavor. With capabilities,
> it's much worse.

No it is not. You can still make interpretter suid root, and
interpretter will have to look if script is marked, and in such case
interpretter will have to interpret 'capability headers' in the
script. (You can use your #! idea if you want.) But suid interpretter
will be the one who parses capabilities.

Pavel

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/