From: Oliver Xymoron <oxymoron@waste.org>
To: Linus Torvalds <torvalds@transmeta.com>
Cc: Alexander Viro <viro@math.psu.edu>,
Olaf Dietsche <olaf.dietsche#list.linux-kernel@t-online.de>,
"Theodore Ts'o" <tytso@mit.edu>, Dax Kelson <dax@gurulabs.com>,
Rusty Russell <rusty@rustcorp.com.au>,
linux-kernel@vger.kernel.org, davej@suse.de
Subject: Re: Filesystem Capabilities in 2.6?
Date: Sat, 2 Nov 2002 21:50:17 -0600 [thread overview]
Message-ID: <20021103035017.GD18884@waste.org> (raw)
In-Reply-To: <Pine.LNX.4.44.0211021922280.2354-100000@home.transmeta.com>
On Sat, Nov 02, 2002 at 07:23:11PM -0800, Linus Torvalds wrote:
>
> On Sat, 2 Nov 2002, Alexander Viro wrote:
> >
> > <shrug> that can be done without doing anything to filesystem.
> > Namely, turn current "nosuid" of vfsmount into a mask of capabilities.
> > Then use bindings instead of links.
>
> I like that idea. It's very explicit, and clearly name-based, and we do
> have 99% of the support for it already.
Bindings are cool, but once you start talking about doing a lot of
them, they're rather ungainly due to not actually being persisted on
the filesystem, no?
A better approach is to just make a user-space capabilities-wrapper
that's setuid, drops capabilities quickly and safely and calls the
real app. Something like:
# mv ping ping.real
# chmod -s ping.real
# mkcapwrap +net_raw ping.real
# chmod +s ping
# showcapwrap ping
invokes /bin/ping
grants net_raw
#
No fs magic, no persistence issues, all user-space.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
next prev parent reply other threads:[~2002-11-03 3:44 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-01 8:49 Rusty's Remarkably Unreliable List of Pending 2.6 Features Rusty Russell
2002-11-01 16:19 ` Karim Yaghmour
2002-11-02 6:32 ` Rusty Russell
2002-11-01 18:32 ` Filesystem Capabilities in 2.6? Dax Kelson
2002-11-01 19:05 ` Nicholas Wourms
2002-11-01 22:07 ` Olaf Dietsche
2002-11-01 23:25 ` Jan Harkes
2002-11-04 17:51 ` Mark H. Wood
2002-11-01 22:07 ` Olaf Dietsche
2002-11-01 22:59 ` Rusty Russell
2002-11-02 13:41 ` Olaf Dietsche
2002-11-02 7:06 ` Theodore Ts'o
2002-11-02 13:38 ` Olaf Dietsche
2002-11-02 18:18 ` Olaf Dietsche
2002-11-02 22:57 ` Bernd Eckenfels
2002-11-02 18:35 ` Dax Kelson
2002-11-06 1:07 ` Bill Davidsen
2002-11-02 18:47 ` Linus Torvalds
2002-11-02 23:02 ` Bernd Eckenfels
2002-11-02 23:11 ` Chris Wedgwood
2002-11-03 0:18 ` Rik van Riel
2002-11-03 0:22 ` Linus Torvalds
2002-11-03 0:43 ` Alexander Viro
2002-11-03 0:52 ` Alexander Viro
2002-11-04 13:02 ` Pavel Machek
2002-11-03 0:47 ` Rik van Riel
2002-11-03 1:53 ` Linus Torvalds
2002-11-03 1:05 ` David D. Hagood
2002-11-03 2:05 ` Linus Torvalds
2002-11-03 13:55 ` Olaf Dietsche
2002-11-05 8:47 ` Rogier Wolff
2002-11-05 10:50 ` Bernd Eckenfels
2002-11-03 1:27 ` Alan Cox
2002-11-03 2:43 ` Werner Almesberger
2002-11-03 12:46 ` Alan Cox
2002-11-03 0:56 ` Olaf Dietsche
2002-11-03 2:03 ` Linus Torvalds
2002-11-03 2:21 ` Alexander Viro
2002-11-03 3:23 ` Linus Torvalds
2002-11-03 3:35 ` Linus Torvalds
2002-11-03 4:28 ` Alexander Viro
2002-11-03 13:03 ` Alan Cox
2002-11-03 14:51 ` Alexander Viro
2002-11-03 16:50 ` Alan Cox
2002-11-03 16:56 ` Alexander Viro
2002-11-03 16:56 ` yodaiken
2002-11-03 18:13 ` Linus Torvalds
2002-11-03 18:25 ` yodaiken
2002-11-03 18:42 ` Linus Torvalds
2002-11-04 0:40 ` Rik van Riel
2002-11-03 7:36 ` Hacksaw
2002-11-03 8:59 ` Kai Henningsen
2002-11-03 10:50 ` Hacksaw
2002-11-04 8:55 ` Rando Christensen
2002-11-03 12:57 ` Alan Cox
2002-11-03 15:20 ` Bernd Eckenfels
2002-11-03 16:30 ` Ragnar Kjørstad
2002-11-03 16:40 ` Bernd Eckenfels
2002-11-03 17:10 ` Alan Cox
2002-11-09 20:11 ` Pavel Machek
2002-11-10 22:50 ` Bernd Eckenfels
2002-11-03 13:55 ` Olaf Dietsche
2002-11-03 3:50 ` Oliver Xymoron [this message]
2002-11-03 4:00 ` Dax Kelson
2002-11-03 4:10 ` Oliver Xymoron
2002-11-03 13:55 ` Olaf Dietsche
2002-11-03 4:20 ` Linus Torvalds
2002-11-03 4:37 ` Alexander Viro
2002-11-03 4:54 ` Linus Torvalds
2002-11-03 5:09 ` Alexander Viro
2002-11-03 5:39 ` Linus Torvalds
2002-11-03 6:37 ` Alexander Viro
2002-11-03 7:16 ` Dax Kelson
2002-11-03 9:18 ` Alexander Viro
2002-11-03 20:35 ` Michal Jaegermann
2002-11-04 9:25 ` Antti Salmela
2002-11-04 12:24 ` Olaf Dietsche
2002-11-04 14:39 ` Theodore Ts'o
2002-11-04 15:13 ` Jesse Pollard
2002-11-03 5:03 ` Oliver Xymoron
2002-11-03 5:25 ` Dax Kelson
2002-11-03 5:52 ` Linus Torvalds
2002-11-03 6:46 ` Alexander Viro
2002-11-03 12:53 ` Alan Cox
2002-11-03 13:52 ` Olaf Dietsche
2002-11-03 14:38 ` Alexander Viro
2002-11-03 16:01 ` Olaf Dietsche
2002-11-03 16:09 ` Alexander Viro
2002-11-03 12:51 ` Alan Cox
2002-11-03 21:02 ` Ryan Anderson
2002-11-03 3:36 ` [REPORT] current use of capabilities Dax Kelson
2002-11-03 13:57 ` Olaf Dietsche
2002-11-05 12:14 ` Andreas Gruenbacher
2002-11-03 4:04 ` Filesystem Capabilities in 2.6? Dax Kelson
2002-11-03 4:10 ` Alexander Viro
2002-11-03 5:31 ` Erik Andersen
2002-11-03 5:37 ` Dax Kelson
2002-11-03 5:42 ` Erik Andersen
2002-11-03 6:07 ` Dax Kelson
2002-11-03 22:24 ` Anders Gustafsson
2002-11-03 15:13 ` Bernd Eckenfels
2002-11-03 12:45 ` Alan Cox
2002-11-03 15:49 ` Patrick Finnegan
2002-11-04 15:00 ` Patrick Finnegan
2002-11-04 15:51 ` Olaf Dietsche
2002-11-04 16:53 ` Patrick Finnegan
2002-11-04 17:23 ` Olaf Dietsche
2002-11-03 13:30 ` Olaf Dietsche
2002-11-03 15:11 ` Bernd Eckenfels
2002-11-04 2:49 ` Jan Harkes
2002-11-04 14:50 ` Theodore Ts'o
2002-11-04 15:33 ` Alan Cox
2002-11-04 20:35 ` Ulrich Drepper
2002-11-04 21:50 ` Linus Torvalds
2002-11-04 14:58 ` Jesse Pollard
2002-11-05 23:47 ` Bill Davidsen
2002-11-06 13:36 ` Jesse Pollard
2002-11-05 4:14 ` Andreas Gruenbacher
2002-11-05 14:48 ` Olaf Dietsche
2002-11-05 15:05 ` Andreas Gruenbacher
-- strict thread matches above, loose matches on Subject: below --
2002-11-03 0:31 Albert D. Cahalan
2002-11-03 3:15 ` john slee
2002-11-06 0:00 ` Bill Davidsen
2002-11-05 0:11 Tom Reinhart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021103035017.GD18884@waste.org \
--to=oxymoron@waste.org \
--cc=davej@suse.de \
--cc=dax@gurulabs.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf.dietsche#list.linux-kernel@t-online.de \
--cc=rusty@rustcorp.com.au \
--cc=torvalds@transmeta.com \
--cc=tytso@mit.edu \
--cc=viro@math.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox