Re: capabilities patch (v 0.1)

David Madore  wrote:
>I intend to add a couple of capabilities which are normally available
>to all user processes, including capability to exec(), [...]

Once you have a mechanism that lets you prevent the untrusted program
from exec-ing a setuid/setgid program (such as your bounding set idea),
I don't see any added value in preventing the program from calling exec().

"Don't forbid what you can't prevent".  The program can always emulate
the effect of exec() in userspace (for non-setuid/setgid programs) --
doing so is tedious, but nothing prevents a malicious userspace program
from implementing such a thing, I think.

This is only a comment on forbidding exec(), not on anything else in
your proposal.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- Re: capabilities patch (v 0.1)
  - From: Chris Wright <[email protected]>
- Re: capabilities patch (v 0.1)
  - From: Bodo Eggert <[email protected]>
- Re: capabilities patch (v 0.1)
  - From: David Madore <[email protected]>

Prev by Date: [ANNOUNCE] Interbench v0.29 - Interactivity benchmark
Next by Date: Re: [PATCH] net/ipv4 debug cleanup, kernel 2.6.13-rc5
Previous by thread: Re: capabilities patch (v 0.1)
Next by thread: Re: capabilities patch (v 0.1)
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind]