Re: Filesystem Capabilities in 2.6?

Olaf Dietsche (olaf.dietsche#list.linux-kernel@t-online.de)
Mon, 04 Nov 2002 18:23:28 +0100


Patrick Finnegan <pat@purdueriots.com> writes:

> On Mon, 4 Nov 2002, Olaf Dietsche wrote:
>
>> Take a look at <http://atrey.karlin.mff.cuni.cz/~pavel/elfcap.html>.
>> Maybe this is what you had in mind?
>
> Similar, but not exactly the same:
>
> 1) Capabilities should be enabled explicitly, not dropped explicitly -
> it's a 'more secure' way to do it.
>
> 2) Capabilities shouldn't be preserved across an execve except for once,

For this you need to clear the permitted and inheritable set.

> as needed by wrapper scripts/binaries. This way even if someone figures
> out how to exploit the code to do an exec, they're left with no caps at
> all. If desired, a new binfmt "cap_wrap" could be created that can be
> used as a capabilities wrapper for executables, which the kernel looks
> at to determine 1) what caps to use and 2) what binary to run. The
> wrapper will need to be suid root in order to gain caps still.

Here you will find capabilities with a new binfmt type:
<http://groups.google.com/groups?selm=linux.kernel.20020317121118.A18548%40glacier.arctrix.com>

Elfcap and capwrap both allow having capabilities.

Regards, Olaf.
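An added example, not from this thread and written against today's capabilities(7) execve rules (which postdate the 2002 discussion): a small model of how the kernel derives a process's capability sets across execve. It shows that a wrapper which clears its own permitted and inheritable (and ambient) sets passes nothing to an ordinary binary, but that a binary carrying file capabilities still gains them unless the bounding set is dropped as well. The bit numbers and set values are constructed samples, and the model assumes a non-set-user-ID executable with no_new_privs not in force.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
typedef uint64_t capmask;          /* one bit per capability number */
/* Sample bit numbers from linux/capability.h: CAP_NET_ADMIN = 12, CAP_SYS_ADMIN = 21 */
#define CAP_BIT(n) ((capmask)1 << (n))
#define ALL_CAPS   (~(capmask)0)

struct proc_caps {                 /* the per-thread capability sets */
    capmask permitted, effective, inheritable, bounding, ambient;
};
struct file_caps {                 /* security.capability xattr of the executable */
    capmask permitted, inheritable;
    bool effective;                /* a single flag in the xattr, not a set */
};
/* Post-execve sets, following the formulas in capabilities(7). Assumes the
 * executable is not set-user-ID and that no_new_privs is not in force. */
struct proc_caps caps_after_exec(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    bool privileged = (f.permitted | f.inheritable) != 0;   /* file carries caps */
    n.ambient     = privileged ? 0 : p.ambient;   /* ambient caps survive only ordinary execs */
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | n.ambient;
    n.effective   = f.effective ? n.permitted : n.ambient;
    n.inheritable = p.inheritable;                /* not changed by execve */
    n.bounding    = p.bounding;
    return n;
}

/* The wrapper idea from the thread: empty the sets before exec'ing the real
 * program. The bounding set is kept unless drop_bounding is set. */
struct proc_caps clear_before_exec(struct proc_caps p, bool drop_bounding)
{
    p.permitted = p.effective = p.inheritable = p.ambient = 0;
    if (drop_bounding)
        p.bounding = 0;
    return p;
}
int main(void)
{
    struct proc_caps w = { .permitted = CAP_BIT(12) | CAP_BIT(21), .effective = CAP_BIT(12),
                           .inheritable = CAP_BIT(12), .bounding = ALL_CAPS, .ambient = CAP_BIT(12) };
    struct file_caps plain = { 0 }, capped = { .permitted = CAP_BIT(21), .effective = true };
    printf("plain binary, sets kept:      permitted=%#llx\n", (unsigned long long)caps_after_exec(w, plain).permitted);
    printf("plain binary, sets cleared:   permitted=%#llx\n", (unsigned long long)caps_after_exec(clear_before_exec(w, false), plain).permitted);
    printf("file caps, sets cleared:      permitted=%#llx\n", (unsigned long long)caps_after_exec(clear_before_exec(w, false), capped).permitted);
    printf("file caps, bounding cleared:  permitted=%#llx\n", (unsigned long long)caps_after_exec(clear_before_exec(w, true), capped).permitted);
    return 0;
}
```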