Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

From: Pavel Machek (pavel@suse.cz)
Date: Wed Jun 14 2000 - 09:31:38 EST


Hi!

> pavel-velo@bug.ucw.cz:
> > >> which spawned an entire OTHER
> > >> argument on how that should be done. (ext2+caps,elfcap,et al)
> > >
> > >Yep. Capabilities in ext2 is just wrong. Using ELF is merely bad.
> > >This is a UNIX clone you know; you can't make it into VMS.
> >
> > > Why not? Elfcap is a simple hack that does not break anything. Capabilities *are* useful for simple tasks already. I do not know about VMS, but current system has practical uses.
>
> Elfcap is insecure, and permits the generation of trojan horses.

Albert explained it very nicely. You are wrong.

> Until you are passed a trojan horse.

When you are passed a trojan horse with setuid bit set -- well -- you
are in exactly the same situation with elfcap. Just don't take trojan
horses with setuid bit set from unknown people. That always was like
this. Oh and you can do dump capabilities it will drop with simple
utility, so you can see for yourself which capabilities it is going to

                                        Pavel

-- 
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
