Re: Capabilities done right [diff against 2.3.1]

Theodore Y. Ts'o (tytso@mit.edu)
Tue, 18 May 1999 16:34:17 -0400 (EDT)


> Date: Tue, 18 May 1999 11:04:55 +0200
> From: Pavel Machek <pavel@bug.ucw.cz>
>
> That's the hard part, because this way the dynamic linker + anything run
> before main() runs with elevated privileges. That's a problem, at least
> for me.

I just came up with a random thought ---- and I'd need to do more
investigating about the ELF format to make sure this is actually doable,
but I believe we can control the order in which constructors get run,
yes?

So why not simply put the code which drops the privileges in a
constructor which is engineered to be run first? If the way that
constructor is set up uses stylized code that can be easily found by a
setcap or checkcap program (i.e., give the constructor a standard name,
and store the capability restriction in a standard variable referenced
by the constructor), then you can get the ability to query/set the
capabilities, but it's done in such a way that doesn't require any
special kernel hacks to enable the feature.

This is actually a really cool thing, since it means that people could
start using it with the current stable kernel, without needing any
kernel patches or needing to wait for Linux 2.4 to ship.

- Ted
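One way to realise the early-constructor drop sketched above, as an added example that is not code from this thread: `cap_restrict_mask` and `cap_restrict_ctor` are hypothetical names for the "standard variable" and "standard constructor" a setcap or checkcap tool would look for, and the example is Linux-only, using the raw capget/capset syscalls so it needs no libcap.

```c
/* Added example, not code from the thread.  cap_restrict_mask and
 * cap_restrict_ctor are hypothetical names for the standard variable and
 * constructor a setcap/checkcap tool would locate.  Linux only. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#define CAP_VER3 0x20080522u                 /* _LINUX_CAPABILITY_VERSION_3 */
struct cap_hdr  { uint32_t version; int pid; };
struct cap_data { uint32_t effective, permitted, inheritable; };

/* The standard variable: bit n set means capability n may be kept.  A
 * setcap-style tool would patch this symbol in the ELF file. */
uint64_t cap_restrict_mask = 1ull << 10;     /* keep only CAP_NET_BIND_SERVICE */

/* Pure policy: what remains of a set after the restriction is applied. */
uint64_t cap_after_restrict(uint64_t have, uint64_t mask) { return have & mask; }

static uint64_t join64(uint32_t lo, uint32_t hi) { return ((uint64_t)hi << 32) | lo; }

/* Permitted set of the calling process, or all ones on failure. */
uint64_t cap_current_permitted(void) {
    struct cap_hdr h = { CAP_VER3, 0 };
    struct cap_data d[2];
    if (syscall(SYS_capget, &h, d) != 0) return ~0ull;
    return join64(d[0].permitted, d[1].permitted);
}

/* Apply the restriction to all three sets of the calling process; 0 on
 * success.  Clearing permitted bits is irreversible, which is the point. */
int cap_restrict_apply(uint64_t mask) {
    struct cap_hdr h = { CAP_VER3, 0 };
    struct cap_data d[2];
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    uint64_t e = cap_after_restrict(join64(d[0].effective,   d[1].effective),   mask);
    uint64_t p = cap_after_restrict(join64(d[0].permitted,   d[1].permitted),   mask);
    uint64_t i = cap_after_restrict(join64(d[0].inheritable, d[1].inheritable), mask);
    for (int k = 0; k < 2; k++) {
        d[k].effective   = (uint32_t)(e >> (32 * k));
        d[k].permitted   = (uint32_t)(p >> (32 * k));
        d[k].inheritable = (uint32_t)(i >> (32 * k));
    }
    return (int)syscall(SYS_capset, &h, d);
}

/* Priority 101 is the earliest user constructor; the dynamic linker itself
 * still runs before it, which is the window the quoted objection is about. */
__attribute__((constructor(101)))
static void cap_restrict_ctor(void) {
    if (cap_restrict_apply(cap_restrict_mask) != 0) {
        perror("cap_restrict_ctor: capset");
        _exit(1);                            /* fail closed, never run privileged */
    }
}
```

Because the mask lives in a plain exported data symbol, a checkcap tool only has to read that symbol from the binary, and a setcap tool only has to rewrite it; the kernel sees nothing but an ordinary capset call.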
