Re: Capabilities done right [diff against 2.3.1]
Y2K (y2k@y2ker.com)
Wed, 19 May 1999 16:41:56 -0700 (PDT)
On Tue, 18 May 1999, Horst von Brand wrote:
> Pavel Machek <pavel@atrey.karlin.mff.cuni.cz> said:
> > Linus Torvalds on Sat, May 15, 1999 at 11:41:16PM -0700 said:
> > > > You want to allow shellscripts with special powers?!?!?
> > > I may want to _strip_ shellscripts of power.
> > Ok, that's legitimate. In such case , we'll have to modify shell to
> > understand something like --drop, so that beggining of shell would
> > look like
> > #!/bin/bash --drop NET_BIND_SERVICE
> Great. Now the default shell is all-powerful.
Right now if an all powerful person calls a script that script is all
powerful also. That is probably going to last for some time.
I have that configurable via SECURE_STRICT_FX .
Presently setting the "strict fx" securebit would render your machine
quite unusable. none of your shell scripts would have any caps whatsoever
and you depend on shell scripts a lot.
I also would advocate that shell builtins should be sufficient for
dropping and controling of caps in shell scripts.
--
Any caps I mention are *derived* from a withdrawn draft posix document.
See http://www.millenniumproductsllc.com/sjp/ for more info.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/