Re: Capabilities done right [diff against 2.3.1]

Linus Torvalds (torvalds@transmeta.com)
Sat, 15 May 1999 11:32:07 -0700 (PDT)


On Fri, 14 May 1999, Pavel Machek wrote:
>
> Next try with capabilities, this time against 2.3.1. Patch is completely
> safe and should significantly enhance system security. It is completely
> backward compatible: i.e. no semantics change. Capabilities are
> implemented using ELF notes (and this version parses notes correctly).
> Software exists for adding capabilities at runtime, so you don't even
> require a recompile.

I'm not entirely convinced. The thing with ELF notes is that they only
work with ELF. That may sound obvious, and it is, but it makes me wonder
whether it's the right way at all.

I suspect that it would be cleaner to have capabilities be a name-space
issue rather than an inode issue. For example, the one thing I've always
wanted to do with symlinks is to have symlinks that can change the
privileges of the lookup - it's complex and maybe not a good idea, but
it's a more intriguing concept and works with shell scripts and other
systems where you can't add ELF notes.

Linus
