Re: capability inheritance (was: Re: patch to make Linux capabilities into something useful (v 0.3.1))


--- David Madore <[email protected]> wrote:

> I can see no way of reconciling the POSIX rules with
> sane Unix behavior.

While one strives to maintain the decorum of
friendly debate, "Them's fighting words"*.

Have you read the POSIX DRAFT rationale section?
Have you read any of the DRAFT, for that matter?

Breaking privilege apart from UID==0 and the
setuid mechanism while allowing a system that
could still work without requiring programs
to be rewritten took quite a while. The DRAFT
versions don't differ that greatly after about
DRAFT 12. The scheme has been implemented
several times.

> Hence I can only give up if someone
> insists that the POSIX
> draft should be adhered to.
> 
> (Just in case someone were tempted to get away with
> a handwaving such
> as "just follow the POSIX rules except for suid
> root...", let that
> someone please try to come up with a full
> description of the rules
> which breaks nothing, and he will understand that
> it's not at all easy.)

The relationship between setuid and file based
capability sets is straightforward. There is
none. If your system supports root or capability
(like Irix) or strictly capability (like Trix)
the calculation is identical. There is a full
description of the rules in the DRAFT. If you
have questions about it, I'd be happy to dust
off my copy to help you understand it.

----
* Yosemite Sam in "High Diving Hare", 1949

Casey Schaufler
[email protected]
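The claim above is that the exec-time capability calculation takes only the caller's sets and the file's sets as input, so a setuid bit or UID 0 never enters it. The following is an added example, not code from this thread or from the POSIX draft: it models that calculation in Python using the form in which Linux implemented the draft rule (the pre-ambient rule documented in capabilities(7), where the file effective set is stored as a single flag). The capability names and sample processes are constructed for illustration.

```python
# Added example (not from the message or the POSIX draft): the exec-time
# capability transition as Linux implemented the POSIX.1e draft rule, in its
# original pre-ambient form (capabilities(7)). Sets are frozensets of
# capability names; the names and sample values below are constructed.

from dataclasses import dataclass


@dataclass(frozen=True)
class ProcCaps:
    permitted: frozenset
    inheritable: frozenset
    effective: frozenset
    bounding: frozenset      # X in the draft's notation


@dataclass(frozen=True)
class FileCaps:
    permitted: frozenset
    inheritable: frozenset
    effective: bool          # Linux stores fE as a single flag


def exec_transition(proc: ProcCaps, f: FileCaps) -> ProcCaps:
    """Capability sets of the new image after execve().

        pI' = pI
        pP' = (pI & fI) | (fP & X)
        pE' = pP' if fE else {}
        X'  = X

    The only inputs are the caller's sets and the file's sets: no uid,
    euid or setuid bit appears anywhere in the rule.
    """
    new_perm = (proc.inheritable & f.inheritable) | (f.permitted & proc.bounding)
    new_eff = new_perm if f.effective else frozenset()
    return ProcCaps(new_perm, proc.inheritable, new_eff, proc.bounding)


# Constructed capability names (a small subset of the real ones).
NET_BIND = "CAP_NET_BIND_SERVICE"
NET_RAW = "CAP_NET_RAW"
SYS_ADMIN = "CAP_SYS_ADMIN"
ALL = frozenset({NET_BIND, NET_RAW, SYS_ADMIN})


def unprivileged(bounding=ALL, inheritable=frozenset()) -> ProcCaps:
    """A process with no permitted/effective caps, e.g. a plain user shell."""
    return ProcCaps(frozenset(), frozenset(inheritable), frozenset(), frozenset(bounding))


def demo_file_caps():
    """File with fP={NET_BIND}, fI={NET_RAW}, fE set: the binary gains
    NET_BIND unconditionally and NET_RAW only if the caller had it in pI."""
    f = FileCaps(frozenset({NET_BIND}), frozenset({NET_RAW}), True)
    plain = exec_transition(unprivileged(), f)
    with_inh = exec_transition(unprivileged(inheritable={NET_RAW}), f)
    return plain, with_inh


def demo_bounding_set():
    """Dropping NET_BIND from X removes it from pP' even though fP grants it."""
    f = FileCaps(frozenset({NET_BIND}), frozenset(), True)
    return exec_transition(unprivileged(bounding=ALL - {NET_BIND}), f)


def demo_legacy_binary():
    """fE clear: pP' is filled but pE' stays empty until the program raises caps."""
    f = FileCaps(frozenset({NET_BIND}), frozenset(), False)
    return exec_transition(unprivileged(), f)


if __name__ == "__main__":
    for name, fn in [("file caps", demo_file_caps),
                     ("bounding set", demo_bounding_set),
                     ("legacy binary", demo_legacy_binary)]:
        print(name, fn())
```

Note that `exec_transition` has no branch for "is the caller root" or "is the file setuid": a root-or-capability system like the one the message names would layer UID handling elsewhere, and the set arithmetic stays the same. The later Linux ambient set adds one more term to pP' and pE' but does not change this property.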