|| ||Andy Lutomirski <email@example.com>|
|| ||firstname.lastname@example.org, email@example.com, firstname.lastname@example.org|
|| ||[PATCH 0/2] capabilities|
|| ||Tue, 11 May 2004 20:24:22 -0700|
This reintroduces useful capabilities.
In this model, the inheritable mask is a limit on what capabilities
the task or any of its children may have. Permitted and effective masks
have their old meanings.
Init gets all capabilities (even CAP_SETPCAP) since it seems absurd to do
Part 1 shouldn't change user-visible behavior; it just moves the vfs
capability logic into fs/exec.c (where it IMHO belongs) and the setuid
logic into apply_creds (where it IMHO belongs). I made no effort to
make apply_creds pretty since it all gets deleted in the next patch
Part 2 redoes the capability logic.
This code is paranoid about setuid. A later patch will allow that to
be overridden by a sysctl so that securelevel can be done usefully.
I left cap_bset in, even though I can't see a use for it anymore.
I put some user tools at http://www.stanford.edu/~luto/cap/; I've used
themn to exercise this code somewhat.
It applies to 2.6.6-mm1. It does _not_ apply to 2.6.6 vanilla, but the fix
should be trivial (it conflicts with something in fs/exec.c). It will not
apply to earlier versions, as it depends on the compute_creds race fix.
Please let me know what you think and if you see any holes in this code
or possibilities of exposing / introducing bugs in other programs (think
This should also eliminate the Oracle magic-group mess :)
Andrew- is this sufficiently non-scary for -mm?
Where this is going:
There is probably some dead code now in sys_capset. I'll check on that.
Also, I have an ext3 xattr caps patch lying around somewhere. I can try
to get it working again.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to email@example.com
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/