Re: Filesystem Capabilities in 2.6?

Linus Torvalds (torvalds@transmeta.com)
Sat, 2 Nov 2002 19:35:25 -0800 (PST)


On Sat, 2 Nov 2002, Linus Torvalds wrote:

>
> On Sat, 2 Nov 2002, Alexander Viro wrote:
> >
> > <shrug> that can be done without doing anything to filesystem.
> > Namely, turn current "nosuid" of vfsmount into a mask of capabilities.
> > Then use bindings instead of links.
>
> I like that idea. It's very explicit, and clearly name-based, and we do
> have 99% of the support for it already.

It occurs to me that we actually do have the "extended symlink" concept in
UNIX already: the existing "#!" escape for executables is really exactly
that. It's just a structured symlink, except the extension is not a
capability, but rather it's the script to be fed to the executable.

With a simple extended binfmt_misc.c or binfmt_script.c, we could do a
capability escape (that only removes capabilities, but allows for suid
shells) fairly easily if people really want it. And it would work on any
almost-UNIXy filesystem, including NFS etc.

But I like Al's idea of mount binds even more, although it requires maybe
a bit more administration.

Linus
