Re: Secure-linux and standard kernel

Joseph S D Yao (jsdy@gwyn.tux.org)
Mon, 13 Jul 1998 17:44:46 -0400 (EDT)


Mitch, somewhat calmer, announced:
> MOLNAR Ingo wrote:
> > the point is, we don't even need the filesystem set-capability stuff. By
> > including this feature in the ELF loading mechanism somehow, _all_
> > filesystems (that support setuid root) will benefit from this, not only
> > ext2fs. ...
> > hm? this is really part of the 'executable' proper, _not_ of the
> > filesystem. ...
>
> I retract my previous position. You are probably correct. This somewhat
> flies in the face of the traditional UNIX model of having all
> protection-related information in the inode but the benefits may outweigh
> that.

NOT "the traditional Unix model" at all.

As the initial writer noted, this is a PROGRAM capability, not a FILE
capability. Only FILE capabilities/permissions/whatever were ever in
the inode - excepting setuid/setgid bits, which were a great concept at
the time, but which people are now saying should be a program capability
instead. Probably correctly.

Back when programs had different memory models - like separate I&D vs.
shared I&D, protected I-space vs. writable I-space, shared data
segments, etc. - and even with the broken memory models much later used
with Intel processors, the PROGRAM protection information was ALWAYS
stored in the program header.

Fair?

Joe Yao jsdy@tux.org - Joseph S. D. Yao
