Re: Filesystem Capabilities in 2.6?

Jan Harkes (jaharkes@cs.cmu.edu)
Sun, 3 Nov 2002 21:49:10 -0500

On Sat, Nov 02, 2002 at 06:03:12PM -0800, Linus Torvalds wrote:
> The reason I like directory entries as opposed to inodes is that if you
> work this way, you can actually give different people _different_
> capabilities for the same program. You don't need to have two different
> installs, you can have one install and two different links to it.

For several years, I have had only one suid root binary on my system.
All other 'setuid' applications are simply symlinks to this binary.

$ ls -l /bin/ping*
lrwxrwxrwx 1 root root 14 Nov 18 2001 /bin/ping -> /usr/bin/super
-rwxr-xr-x 1 root root 15244 Nov 18 2001 /bin/ping.suid

There is a a nice configuration file that is used to decide whether to
use suid or setgid, which parts of the environment to drop/keep. And all
of this based on the user, the time and any other conditions I would
like to enforce.

Now super does not (yet) support capabilities. But it shouldn't be too
hard to modify it so that it forks, drops capabilities, (possibly change
the euid to the original user?) and exec the actual binary.

Jan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/