Re: Capabilities done right [diff against 2.3.1]

Zygo Blaxell (uixjjji1@umail.furryterror.org)
16 May 1999 17:33:47 -0400

In article <199905160625.CAA14720@jupiter.cs.uml.edu>,
Albert D. Cahalan <acahalan@cs.uml.edu> wrote:
>Linus Torvalds writes:
>> On Fri, 14 May 1999, Pavel Machek wrote:
>> I suspect that it would be cleaner to have capabilities be a name-space
>> issue rather than an inode issue. For example, the one thing I've always
>> wanted to do with symlinks is to have symlinks that can change the
>> privileges of the lookup - it's complex and maybe not a good idea, but
>> it's a more intriguing concept and works with shellscripts and other
>> systems where you can't add ELF notes..
>
>You want to allow shellscripts with special powers?!?!?

No, we (or at least I) might want to allow filenames with special powers.
For example:

mkdir -p /var/lib/private
chmod 700 /var/lib/private
mkdir -p /var/lib/public
chmod 755 /var/lib/public
make_some_data > /var/lib/private/file
chmod 600 /var/lib/private/file
ln -s /var/lib/private/file /var/lib/public/file

# Everything up to now is standard stuff.
# Here's the new stuff:

chmod a+s (insert magic here) /var/lib/public/file

>From here on, anyone can access '/var/lib/private/file' if (and only if)
they follow the symlink '/var/lib/public/file'. 

-- 
Zygo Blaxell, Linux Engineer, Corel Corporation.  zygob@corel.ca (work) or
zblaxell@furryterror.org (play).  Opinions above are my own, not Corel's.
Linux ryo-ohki 2.2.1 #3 SMP Jan 31 23:45 EST 1999 i586 up 5 days, 20:37


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/