I think some kind of small-interface solution like bounds-checking
compilers should help considerably -- but, of course, it's not a
panacea.
> Debugging
> device drivers can be difficult too sometimes. All you can do is your
> best, but I'd hope you would be willing to put forth a bit more effort to
> ensure that something with root privs is clean.
>
> I think this situation is a very good argument in favor of ACLs.
> Root is too blunt an instrument. It creates "implicit microkerneling",
> where any special priv needs require the needy code to in effect become
> part of the OS.
I'm not clear on how ACLs help. (Do you mean filesystem ACLs?)
The "capability" stuff in 2.1 should help quite a bit with this. Lots
of things are setuid root so they can bind a reserved port, for
example. I'll be a lot happier when I can run named as a normal user!
Kragen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html