> > My big question with Pavel's patches is that if you're just dropping
> > privileges, why not just do it programmatically in the program?
>
> Maybe because it's often impossible without writing a new program?
>
> Let me you all an example. Let's say that I installed a fresh copy of
> Linux, and I want to run program xxx as root, but I don't quite trust it
> enough to do everything, so I want to drop certain privileges. How do I do
> that?
>
> With ELF notes, there's not a way in hell I do that without compiling up
> my own program. That may be acceptable to engineers, but it sure as hell
> doesn't make sense, and it sure isn't very friendly.
Oh, I guess you missed one point: using jeremy's elf hacks, it is well
possible to add ELF note to existing executable [this is why I done
this!]. So, in your example, you just
setcap -c NET_RAW -sd /bin/ping
which does really strange things with that elf executable (basically
takes it to the pieces and puts them back), but at the end you have
executable that will drop everything bug NET_RAW far before main().
> And anything that requires me to compile anything as a MIS person is
> basically not acceptable. Remember what =users= are? They are the
> kind of
I need not to compile. I just setcap ... on existing executable.
Pavel
PS: I'm actually preparing capcheck script which will go after all
known suid executables and give them just permissions they need.
-- I'm really pavel@ucw.cz. Look at http://195.113.31.123/~pavel. Pavel Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/