Re: Allowing users to set set[ug]id bits

Theodore Y. Ts'o (tytso@mit.edu)
Thu, 19 Dec 1996 14:17:57 -0500


From: marekm@i17linuxb.ists.pwr.wroc.pl (Marek Michalkiewicz)
Date: Wed, 18 Dec 1996 19:10:51 +0100 (MET)

BTW, the idea is not mine - SCO UNIX supports something like this, so
I thought it would be good to have that in Linux too (SCO sucks when
it comes to performance, but they have some nice security features;
I think we can have both performance and security). Quoting from the
SCO man page:

setpriv(S)

This is part of the POSIX.6 security specification, which is something
*additional* that you can layer on top of Linux. Note that it doesn't
completely destroy the ability to make setuid programs, but it
allows the system administrator to restrict (and many other things) on a
very fine-grained basis.

POSIX.6 is a good thing, but it's not trivial to administer such a
system securely. There is a mailing list for people who are interested
in implementing POSIX.6 in Linux --- send mail to
linux-privs-request@mit.edu if you wish to join. However, beware that
it is a very big project to implement, and even if you do implement it,
the number of people who will know how to administer such a system is
very few. (Basically, you end up with a POSIX compliant system, but the
security semantics are much more like VMS than Unix.)

- Ted