Re: [patch 2.1.97] more capabilities support

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Sun, 19 Apr 1998 18:41:55 +0100 (BST)


On Sun, 19 Apr 1998, Albert D. Cahalan wrote:

> * a Bounding Set that serves as a fail-safe mechanism to ensure users
> cannot acquire more privilege beyond what they have been authorized

Excellent, yes, please implement this set. It should merely be the matter
of an extra mask in the compute_creds function, and a couple more calls to
drop bits from this mask.

I perceive the main benefit of this for users like "nobody"; with an
empty bounding set the user really can be "unprivileged", in the sense
they can't try and exploit your SUID/privileged programs to gain a root
shell etc.

Cheers
Chris
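
The extra mask discussed in this message, as an added user-space model in C; it is not part of the original post and is not the kernel's compute_creds. It shows that an empty bounding set leaves a program that forces all capabilities with none after exec. Assumptions: the struct and function names are hypothetical, the bounding set is held per process, and the exec rule is the one Linux documents in capabilities(7) with ambient capabilities left out.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t capset;                  /* one bit per capability */
#define CAP_BIT(n)     ((capset)1u << (n))
#define CAP_SETUID     CAP_BIT(7)         /* Linux capability number 7 */
#define CAP_SYS_ADMIN  CAP_BIT(21)        /* Linux capability number 21 */

/* Hypothetical model types: process credentials and a file's capabilities. */
struct creds { capset inheritable, permitted, effective, bounding; };
struct fcaps { capset inheritable, permitted; int effective; };

/* The "calls to drop bits": the mask can only shrink, never grow back. */
static void bound_drop(struct creds *c, capset bits) { c->bounding &= ~bits; }

/* Exec-time computation with the extra mask applied to the capabilities
 * the file tries to force onto the process. */
static struct creds exec_creds(struct creds old, struct fcaps f)
{
    struct creds n;
    n.bounding    = old.bounding;
    n.inheritable = old.inheritable;
    n.permitted   = (f.permitted & old.bounding)
                  | (f.inheritable & old.inheritable);
    n.effective   = f.effective ? n.permitted : 0;
    return n;
}

/* Constructed sample: a privileged binary that forces every capability. */
static const struct fcaps suid_root = { 0, ~(capset)0, 1 };

/* Effective set an unprivileged caller ends up with after exec. */
static capset run_suid(capset bounding)
{
    struct creds user = { 0, 0, 0, bounding };
    return exec_creds(user, suid_root).effective;
}

int main(void)
{
    struct creds c = { 0, 0, 0, ~(capset)0 };
    bound_drop(&c, CAP_SYS_ADMIN);
    printf("full bounding set : %08x\n", (unsigned)run_suid(~(capset)0));
    printf("CAP_SYS_ADMIN gone: %08x\n", (unsigned)run_suid(c.bounding));
    printf("empty (\"nobody\")  : %08x\n", (unsigned)run_suid(0));
    return 0;
}
```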
