public inbox for linux-kernel@vger.kernel.org
From: Dax Kelson <dax@gurulabs.com>
To: Olaf Dietsche <olaf.dietsche#list.linux-kernel@t-online.de>
Cc: torvalds@transmeta.com, viro@math.psu.edu, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] 2.5.45: Filesystem capabilities
Date: 31 Oct 2002 11:11:50 -0700
Message-ID: <1036087911.2296.19.camel@mentor>
In-Reply-To: <87znsuy9ho.fsf@goat.bogus.local>

On Thu, 2002-10-31 at 07:21, Olaf Dietsche wrote:
> Hi Linus,
> 
> This patch implements filesystem capabilities. It allows running
> privileged executables without the need for suid root.
> 
> Changes:
> - switched from 32 bits to 128 bits for capabilities
> 
> I have addressed all objections Al Viro has raised. However, this is
> not widely tested so far. But this is a relatively small patch, so it
> shouldn't be too hard to remove it later, if it turns out to be too
> dangerous, either security or file system wise.
> 
> Please include.
> 
> Regards, Olaf.

I second this!

I would very, very much like to purge my systems of SUID root binaries.

If this goes in, we/I should start a little project to audit the SUID
root binaries commonly found on Linux to see what are the minimum
capabilities each binary needs.

Ideally the distros then ship this way by default.

RPM/DPKG (tar, cpio?) should be modified to store the capabilities too.

Dax Kelson
Guru Labs





Thread overview: 4+ messages
2002-10-31 14:21 [PATCH] 2.5.45: Filesystem capabilities Olaf Dietsche
2002-10-31 18:11 ` Dax Kelson [this message]
2002-11-01 23:27 ` Pavel Machek
2002-11-02 13:43   ` Olaf Dietsche
