Re: Capabilities: ALPHA time

Pavel Machek (pavel@atrey.karlin.mff.cuni.cz)
Tue, 4 May 1999 12:07:25 +0200

>
> On 30-Apr-99 Pavel Machek wrote:
> > Hi!
> >
> > Capabilities reached state where they are actually usefull. (I was
> > able to lower permissions for programs like ping and rlogin). There
> > are still some problems with headers (I include
> > /usr/src/linux/include/linux/capability.h directly -- that's ugly),
> > and there are problems with applications which do getuid() and then
> > print failed - must be run as root when they actually do not need root
> > at all (fping). Diff against kernel follows, and diff against
> > http://www.goop.org/~jeremy/elf-caps.html follows, too (Jeremy, please
> > apply at least parts which look clean to you).
>
> Your way of parsing an executable for notes is very fragile. I've posted a
> much better patch a couple of times - see
> http://www/~jeremy/caps/binfmt_elf.c.diff

Well, I'm still not sure your patch is better. I've seen it and it is
much more complicated. _If_ we want to support multiple different CAPS
notes with different versions simultaneously, _then_ your patch is the
way to go.I'm just not sure having multiple CAPS notes is good idea:
it makes kernel code more complicated, it is hard to imagine interface
to manipulate such multiple capabilities, and I do not think it is
neccessary at all. [You want single capabilities per executable, not
arbitrary number of capabilities. The later is too hard to use for
use and unneccessary, IMO.]

Pavel

-- 
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/