Re: Secure-linux and standard kernel

MOLNAR Ingo (mingo@valerie.inf.elte.hu)
Fri, 26 Jun 1998 08:03:55 +0200 (MET DST)


On Thu, 25 Jun 1998, Horst von Brand wrote:

> > > hm? this is really part of the 'executable' proper, _not_ of the
> > > filesystem. capabilities are inherently associated with binary executable
> > > code. There is no point in allocating capabilities bitmask for say a news
> > > spool article file ...
>
> Yes, but they *can't* be part of the binary executable itself: It would be
> just way too easy to fake them. [...]

i think you are overlooking the fact that the kernel only evaluates this
'extra info' if the given binary is a setuid root binary. Which means its
contents are absolutely trusted.

> No good. I can bring my own SUID root equivalent capable binaries from
> home, or just edit some random copy of /bin/sh with emacs to fix it up.

no. if you copy a setuid root binary, it loses the setuid root bit, for
the above obvious reason ...

you cannot mount those 'home created' floppies or whatever without the
proper privileges. You cannot create a setuid root file without the
proper privileges.

there is no problem with the current privileges concept, it really
enables us to create a more secure system.

-- mingo
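The trust rule argued in the message (honour a binary's own capability 'extra info' only when the file is already setuid root, and a copy made by an ordinary user is not setuid root) can be checked from userspace. The following is an added example, not code from this thread or from any kernel: `header_would_be_honoured` models the stated policy as a function of mode bits and owner uid, `find_setuid_root` is a defender's audit walk for files that would qualify, and `demo` builds a constructed scenario in a temporary directory (a setuid-marked file we own, then a plain copy of it) to show that the copy comes out owned by the caller and without the set-user-ID bit. All function names and the temp-file contents are this example's own assumptions.

```python
"""Model of the setuid-root trust rule from the message, plus an audit helper.
Added example; not code from the thread or from the Linux kernel."""
import os
import shutil
import stat
import tempfile


def header_would_be_honoured(mode: int, uid: int) -> bool:
    """Stated policy: per-binary 'extra info' counts only for a setuid ROOT
    executable, i.e. set-user-ID bit set AND file owned by uid 0.
    (Assumed model of the rule in the mail, not an existing kernel API.)"""
    return bool(mode & stat.S_ISUID) and uid == 0


def find_setuid_root(root: str) -> list:
    """Defender's audit: regular files under `root` that are setuid root,
    i.e. exactly the files whose embedded info the rule above would trust."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks into other trees
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the audit
            if stat.S_ISREG(st.st_mode) and header_would_be_honoured(st.st_mode, st.st_uid):
                hits.append(path)
    return sorted(hits)


def copy_as_unprivileged_user(src: str, dst: str) -> tuple:
    """Copy `src` to `dst` the way a plain copy does and report
    (setuid_bit_set, owner_uid) of the result. shutil.copyfile creates the
    destination with mode 0o666 (minus umask), so no set-user-ID bit is carried
    over, and the new inode is owned by whoever performed the copy."""
    shutil.copyfile(src, dst)
    st = os.stat(dst)
    return bool(st.st_mode & stat.S_ISUID), st.st_uid


def demo() -> dict:
    """Constructed scenario: a setuid-marked file we own and a copy of it."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "tool")
        with open(src, "wb") as f:
            f.write(b"#!/bin/sh\necho hi\n")  # constructed stand-in for a binary
        os.chmod(src, 0o4755)  # set-user-ID on a file we own; root-owned only if we are root
        dst = os.path.join(d, "tool.copy")
        copy_suid, copy_uid = copy_as_unprivileged_user(src, dst)
        src_st = os.stat(src)
        return {
            "src_suid": bool(src_st.st_mode & stat.S_ISUID),
            "src_trusted": header_would_be_honoured(src_st.st_mode, src_st.st_uid),
            "copy_suid": copy_suid,
            "copy_owner_is_caller": copy_uid == os.getuid(),
            "copy_trusted": header_would_be_honoured(os.stat(dst).st_mode, copy_uid),
            "copy_in_audit": dst in find_setuid_root(d),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

`src_trusted` is deliberately not a fixed value: it is True only when the script itself runs as uid 0, which is precisely the point of the rule. The copy, by contrast, is never trusted regardless of who made it, because the set-user-ID bit is not carried over by an ordinary copy, and `find_setuid_root` accordingly never lists it.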
