Re: file effective and process inheritable mask
Y2K (y2k@y2ker.com)
Fri, 23 Apr 1999 00:11:32 -0700 (PDT)
On Fri, 23 Apr 1999, Albert D. Cahalan wrote:
> The two most important extensions IMHO are:
>
> 1. The ability to mark an executable with the minimum capabilities
> needed to properly execute. This helps avoid crashes.
I am still working on that a little bit.
> 2. The ability to mark an executable with the capabilities that were
> known to the setup tool. The kernel can use default values for any
> bits that are not listed. This lets kernel developers add new bits
> for traditionally unprivileged operations and lets them split old
> bits into more fine-grained sets of bits.
How about CAP_LINUX_RESERVE_NORMAL_0 through CAP_LINUX_RESERVE_NORMAL_15
being defined for future caps which are new caps that presently availible
to everyone even non-root ones.
> After those two, I think it would be nice to allow configurations that
> are halfway between traditional behavior and the draft. One could let
> the more harmless capabilities (resources, read access...) be passed
> to child processes automatically, while enforcing the draft behavior
> for more destructive capabilities.
Thats easily done and won't even break the draft just define the default
fI to be pP&(CAP_LINUX_RESERVE_NORMAL_0 | ...
|CAP_LINUX_RESERVE_NORMAL_15) for unmarked executable files.
you might just save yourself some trouble and say fI=pP ;->
BTW thought you might want to know that my patch now supports what you
want done with "pure" caps via securebits mechanisms. I defined a new
SECURE_PURE_CAP thingy which hopefully you might like. I'll send out a
quick snapshot.
--
Warning when I mention capabilites I mean "soiled" capabilities not "pure".
Any caps I mention are *derived* from a withdrawn draft posix document.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/