David Madore wrote: >I intend to add a couple of capabilities which are normally available >to all user processes, including capability to exec(), [...]
Once you have a mechanism that lets you prevent the untrusted program from exec-ing a setuid/setgid program (such as your bounding set idea), I don't see any added value in preventing the program from calling exec(). "Don't forbid what you can't prevent". The program can always emulate the effect of exec() in userspace (for non-setuid/setgid programs) -- doing so is tedious, but nothing prevents a malicious userspace program from implementing such a thing, I think. This is only a comment on forbidding exec(), not on anything else in your proposal. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/