Re: Capabilities done right [diff against 2.3.1]

Pavel Machek (pavel@atrey.karlin.mff.cuni.cz)
Mon, 17 May 1999 14:17:47 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rogier Wolff: "Re: Capabilities done right [diff against 2.3.1]"
Previous message: Alistair Riddell: "Re: 2.2.9 swaps a lot"

Hi!

> > You want to allow shellscripts with special powers?!?!?
>
> I may want to _strip_ shellscripts of power.

Ok, that's legitimate. In such case , we'll have to modify shell to
understand something like --drop, so that beggining of shell would
look like

#!/bin/bash --drop NET_BIND_SERVICE

. Which again has nice property like surviving NFS/ftp transfers etc.

> I may want to give special power to certain Javascripts (assuming I'd ever
> trust the java engine itself). I do _not_ consider it acceptable to give
> all powers to the java interpreter in general, but I _do_ consider it
> acceptable to give special capabilities to certain scripts.

Hm, so java will have to be modified. OR you'll have to modify kernel
not to pass scriptname to interpretter (as it currently does) but to
pass open fd. Passing open fd of program being executed might allow us
to honour setuid bits on scripts etc.

> I may have anoter safe scripting language. Perl comes to mind. And I may
> want to have scripts that have special privileges, installed to do system
> administration.

Having capabilities in namespace will not help you much - you'll have
to fix passing script fd to script interpretter, first. When do you
expect utilities like tar and cp capabilities-aware? I do not think it
will be widespread before 2002 or so.

BTW you certainly will not be stuck with this decission forever. You
can drop it at any time. As long as this hack is used wisely
(i.e. only limiting capabilities of current programs), you can drop it
and system will return to 2.2 situation.

Pavel
PS: It would be pretty nice to invent new "is_capability_enhanced"
marker into filesystems, so I could drop "set euid back to ruid" hack;
but again that is lot of work and quite a big semantic change.

-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Rogier Wolff: "Re: Capabilities done right [diff against 2.3.1]"
Previous message: Alistair Riddell: "Re: 2.2.9 swaps a lot"