Re: capwrap: granting capabilities without fs support

From: Stephen Smalley
Date: Thu Apr 08 2004 - 11:58:25 EST

Next message: Hanna Linder: "Re: [PATCH 2.6] add class support to dsp56k.c"
Previous message: Martin J. Bligh: "Re: NUMA API for Linux"
In reply to: Andy Lutomirski: "Re: capwrap: granting capabilities without fs support"
Next in thread: Chris Wright: "Re: capwrap: granting capabilities without fs support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2004-04-08 at 10:07, Andy Lutomirski wrote:
> When I have time (hopefully real soon now), I'll post a patch to actually fix
> capabilities. With that patch, this can be a trivial wrapper script instead of
> a kernel module. Note that this could be _very_ dangerous if glibc does the
> wrong thing (I don't know whether it does, though).

The security_bprm_secureexec hook can be used to cause the AT_SECURE
flag to be set in the ELF auxiliary table, and glibc now uses that flag
to determine whether to enable secure mode. You would need to patch
cap_bprm_secureexec to do the right thing, but otherwise the support is
ready. SELinux uses this to enable glibc secure mode for role/domain
changes.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Hanna Linder: "Re: [PATCH 2.6] add class support to dsp56k.c"
Previous message: Martin J. Bligh: "Re: NUMA API for Linux"
In reply to: Andy Lutomirski: "Re: capwrap: granting capabilities without fs support"
Next in thread: Chris Wright: "Re: capwrap: granting capabilities without fs support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]