Re: Filesystem Capabilities in 2.6?

From: Erik Andersen (andersen@codepoet.org)
Date: Sun Nov 03 2002 - 00:31:09 EST


On Sat Nov 02, 2002 at 09:04:07PM -0700, Dax Kelson wrote:
> On Sat, 2 Nov 2002, Alexander Viro wrote:
>
> > <shrug> that can be done without doing anything to filesystem.
> > Namely, turn current "nosuid" of vfsmount into a mask of capabilities.
> > Then use bindings instead of links. *Note* - binary _is_ marked suid,
> > mask tells which capabilities _not_ to gain. It's OK - attempt to
> > link(2) to the thing using binding will see that oldname and newname
> > are within different vfsmounts, so instead of link to suid-root binary
> > you get -EXDEV.
>
> Any thoughts on how /usr/bin/(rpm|dpkg) copes with setting up the binding
> when installing a package?

postinst script

 -Erik

--
Erik B. Andersen             http://codepoet-consulting.com/
--This message was written using 73% post-consumer electrons--



This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:28 EST