First of all, you can't use a standard user extended attribute, since
anyone with write access to the file will be allowed to set the
extended attribute. This isn't good if you're going to be granting
root-privileged capabilities to executables!
So what would be needed is code to set and get a special system xattr
(much like the POSIX ACL patches do) that is specifically set up for
capabilities, and with appropriate authorization access checks when
setting the capability xattr. In order to do that, we would have to
decide on the actual on-disk format encoding for capabilities (and one
which hopefully is extensible so that when additional capabilities are
added in the future, existing filesystems with capability attributes
remain backwards compatible). Finally, the ELF loader would have be
modified to read the capability extended attribute from the
executable, decode the xattr, and then set the capability masks
appropriately.
The code which I posted is a prerequisite for the above work, yes.
It's just that there's quite a bit of additional work that would be
necessary. (And this is all aside from the question about whether or
not it's a good idea for most system administrators to attempt to use
such a system once it was fully implemented.)
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/