Re: Capabilities

• Next message: Camm Maguire: "Re: eepro100 transmit timed out under 2.2.14 + ide + raid patches"
• Previous message: Andre Hedrick: "Re: Problems with IDE IRQ detection ?"
• In reply to: Andreas Gruenbacher: "Re: Capabilities"
• Next in thread: Andreas Gruenbacher: "Re: Capabilities"
• Reply: Andreas Gruenbacher: "Re: Capabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 20 Feb 2000, Andreas Gruenbacher wrote:

> The kernel should boot up in non-trusted mode (with root and SUID root binaries
> recieving full capabilities, as it's implemented now).
>
> A simple syscall could then switch the kernel to trusted mode. Afterwards, root
> is treated as all other others.
>
> Switching to trusted mode then can easily be done in init scripts, ...
>
> Of course, there shouldn't be a way to switch back to non-trusted mode...
>

there shouldn't be any switch at any time.

Either your installation is compatible with a trust kernel or it's not.
And if it is, then by booting up in non-trusted mode you leave a small
window where the system is at risk. And hence switching to trusted mode
would be meaningless.

>
> Regards,
> Andreas
>

regards,

Paul Jakma
paul@clubi.ie
paul.jakma@compaq.com

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Camm Maguire: "Re: eepro100 transmit timed out under 2.2.14 + ide + raid patches"
• Previous message: Andre Hedrick: "Re: Problems with IDE IRQ detection ?"
• In reply to: Andreas Gruenbacher: "Re: Capabilities"
• Next in thread: Andreas Gruenbacher: "Re: Capabilities"
• Reply: Andreas Gruenbacher: "Re: Capabilities"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:28 EST