Re: Caps in elf: discussion stopper [was Re: caps in elf headers: use the sticky bit!]

Pavel Machek (pavel@bug.ucw.cz)
Wed, 21 Apr 1999 21:19:04 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alexander Viro: "Re: [replace-alexv-buffer.c-patch] Re: [PATCH] Several bad bugs in"
Previous message: Siddharth Srivastava: "generating mouse clicks"
In reply to: tytso@mit.edu: "Re: Caps in elf: discussion stopper [was Re: caps in elf headers: use the sticky bit!]"
Next in thread: Alon Ziv: "Re: Caps in elf: discussion stopper [was Re: caps in elf headers:"

Hi!

> So this would be a very simple model where you just have a setuid root
> program, and it could simply drop some or all of its
> privileges/capabilities at any point in its execution --- perhaps at the
> beginning, perhaps later on in the execution of the program, etc. It's
> more flexible and simpler than the setuid-root-and-use-ELF approach.

Reading elf sections is trivial (take a look :-). Advantage of reading
elf sections is that you can ask "what capabilities does program XYZ
use?". I think that is pretty essential (along with ability to say:
"force program XYZ to use capability CAP_NET_RAW only).

Pavel

-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexander Viro: "Re: [replace-alexv-buffer.c-patch] Re: [PATCH] Several bad bugs in"
Previous message: Siddharth Srivastava: "generating mouse clicks"
In reply to: tytso@mit.edu: "Re: Caps in elf: discussion stopper [was Re: caps in elf headers: use the sticky bit!]"
Next in thread: Alon Ziv: "Re: Caps in elf: discussion stopper [was Re: caps in elf headers:"