Re: Filesystem Capabilities in 2.6?

From: Albert D. Cahalan (acahalan@cs.uml.edu)
Date: Sat Nov 02 2002 - 19:31:08 EST


I have to wonder, just how many setuid executables do people have?
Implementing filesystem capability bits in ramfs or tmpfs might do
the job. At boot, initramfs stuff puts a few trusted executables
in /trusted and sets the capability bits. Then "mount --bind" to
put /trusted/su over an empty /bin/su file, or use symlinks.

One might as well make "nosuid" the default then, and mount the
root filesystem that way. It's not as if a system needs to have
gigabytes of setuid executables.
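
The question the message opens with can be answered per mount point. The following is an added example, not part of the original post: it lists the mounts that still honour setuid (no "nosuid" option) and counts the setuid/setgid files on each. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure how far a system is from a "nosuid by default" layout.

# Constructed sample in /proc/mounts format (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /trusted tmpfs rw,nodev 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
EOF
}

# list_suid_capable_mounts [FILE]
# Print the mount point of every entry whose option list lacks "nosuid".
# Reads FILE if given, otherwise standard input.
list_suid_capable_mounts() {
    awk '{
        n = split($4, opts, ","); nosuid = 0
        for (i = 1; i <= n; i++) if (opts[i] == "nosuid") nosuid = 1
        if (!nosuid) print $2
    }' "$@"
}

# count_setuid DIR
# Count regular files under DIR with the setuid or setgid bit set,
# without crossing into other filesystems (-xdev).
count_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        wc -l | tr -d ' '
}

# audit [MOUNTS_FILE]
# For each mount that still honours setuid, print "<count><TAB><mount point>".
# Mount points containing escaped characters (e.g. \040) are skipped.
audit() {
    list_suid_capable_mounts "${1:-/proc/mounts}" | while read -r mp; do
        [ -d "$mp" ] || continue
        printf '%s\t%s\n' "$(count_setuid "$mp")" "$mp"
    done
}

# Usage on a live system (may take a while on large filesystems):
#   audit /proc/mounts
```

Mounts that report a count of 0 can be switched to nosuid without losing any privileged executable; the remaining ones show where the few trusted binaries actually live.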
