More capabilities stuff...

John Wojtowicz (wojtowij@erols.com)
Sun, 16 May 1999 06:34:54 -0400


> Linus Torvalds writes:
> On Sun, 16 May 1999, Albert D. Cahalan wrote:

>>> You want to allow shellscripts with special powers?!?!?
>>
>> I may want to _strip_ shellscripts of power.

> I suppose you intend to turn normal user abilities into default
> capabilities. (the ability to write to a writable file...)

That by definition isn't a privilege. If the file is writable by that user, then the privilege for DAC write permission override isn't needed to write it. However, the uid check should be short-circuited by the check for DAC write permission override.

I would believe that eventually you would want to convert all uid 0 checks in the kernel to capabilities checks. Then if you've compiled the kernel without capabilities enabled, you'd dummy up the effective, permitted and inheritable sets for all uid 0 processes to have ALL privileges in them, and all other normal users have NONE in their process capability sets. If it is enabled then you perform the normal capabilities calculations whenever a process is exec()'ed. Is this the plan Linus?

> I think that has the same problem, but nevermind.

Capabilities checks should apply to all programs and processes, not just setuid root ones, or ones run by root. That's the whole point of the principle of least privilege: to obsolete the setuid bit and the all-powerful root user.

I realize the removal of the all-powerful root sounds scary from a "normal unix" standpoint. But it's not really needed in a good principle of least privilege implementation.

John

--
John Wojtowicz, Secure Systems Engineer      jwojtowicz@tcs-sec.com
Trusted Computer Solutions                   wojtowij@erols.com
Herndon, VA 20171
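A userland model of the two mechanisms argued for in this message, added here as an example (it is not kernel code and not from the thread): a capability-set test standing in for a uid 0 check, the "ALL for uid 0, NONE for everyone else" fallback when capabilities are compiled out, and a DAC write check that consults CAP_DAC_OVERRIDE only after the mode bits deny. CAP_DAC_OVERRIDE is the real Linux capability; the structs, CAP_ALL, the bit layout and the function names are constructed for illustration.

```c
/* Constructed model of capability-based privilege checks (not kernel code). */
#include <stdint.h>
#include <stdbool.h>

#define CAP_DAC_OVERRIDE 1          /* real Linux capability number */
#define CAP_ALL UINT64_MAX          /* constructed: "ALL privileges" */

struct cred {
    unsigned uid, gid;
    uint64_t effective, permitted, inheritable;   /* capability bitmasks */
};

struct inode {
    unsigned uid, gid;
    unsigned mode;                  /* rwxrwxrwx permission bits, e.g. 0644 */
};

/* Build a process's capability sets. With capabilities compiled out,
 * uid 0 gets ALL and everyone else NONE, as the mail proposes; with
 * them enabled, the sets are whatever exec() calculated ("granted"). */
void cred_init(struct cred *c, unsigned uid, unsigned gid,
               bool caps_enabled, uint64_t granted) {
    c->uid = uid;
    c->gid = gid;
    uint64_t set = caps_enabled ? granted : (uid == 0 ? CAP_ALL : 0);
    c->effective = c->permitted = c->inheritable = set;
}

/* The replacement for "if (euid == 0)": test one bit of the effective set. */
bool capable(const struct cred *c, int cap) {
    return (c->effective >> cap) & 1;
}

/* DAC write check. The mode bits for the caller's class (owner, group,
 * other) decide first; the override privilege is consulted only when
 * they deny, so a writable file never requires any capability at all. */
bool may_write(const struct cred *c, const struct inode *i) {
    unsigned shift = (c->uid == i->uid) ? 6 : (c->gid == i->gid) ? 3 : 0;
    if ((i->mode >> shift) & 02)    /* write bit of the matching class */
        return true;                /* no privilege needed */
    return capable(c, CAP_DAC_OVERRIDE);
}
```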
