I think POSIX.6 security would be a great thing to have in Linux 2.2.
Surely a POSIX.6 implementation (or one based on its ideas) is not too
much hassle. In fact with finals concluding soon I may attempt it myself
:)
However -- I know someone was hacking at POSIX.6 a while back, D. Moffat
was it? There was even a preliminary patch. Is work still ongoing? Anyone
got an offical spec. sheet for the thing?
I ask because I have the number of suid binaries on my system down to a
very low number, and the following remaining are just begging for a subset
of root privs:
ping, traceroute: priv = open raw socket
ssh,rlogin,rcp,r<etc> priv = open socket num < 1024
Other useful privilege subsets would of course be read any file, tty
chowning/chmoding, etc.
Cheers,
Chris