> > I don't see why Perl's mechanism for SUID scripts used on Linux couldn't
> > be expanded to cover capabilites as well. Except that that would make
> > as small part of Perl the single point of failure in the security system.
>
> I don't want to trust an all-capable Perl interpreter. Not on a system that
> is important/critical enough to be secured by capabilitites. A clean
> solution is given if the script carries capabilities, the kernel notes this
> and invokes the interpreter with the capabilities the filesystem grants. In
> this case it is useless to trick the interpreter.
As things are right now you can't do this or you'll end up with the same
security problem as for example SUID scripts on SunOS 4 had.
To make things work as you want them a filedescriptor to the SUID script
would have to be passed to the interpreter by binfmt_skript and every
interpreter would have to be changed to take advantage of that. Otherwise
there is a security hole ...
Ralf
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/