On Fri, Jul 03, 2009 at 05:43:38AM -0700, Casper Dik wrote:
> Additionally, this project will deliver "Forced Privileges" through
> the exec_attr database:
>
> - Unsafe privileges are not required to execute ping, traceroute,
>   etc. (If an executable is set-uid root, then the kernel
>   will look up the Forced Privileges for that executable.)
> - Set-uid applications in that list will not start as root;
>   instead they run with the appropriate privileges.
It's not clear if you meant that there's a new interface for specifying "Forced Privileges".

Are you saying that there's now a way to separately specify privileges to "force" on exec() beyond what the process has in its limit set, or that the kernel grants less than "full privilege" (currently euid == 0 + oE = oP = L) to processes exec()ing set-uid programs for which there exist exec_attr(4) entries?

If the former, then I'd expect there should be more details. If the latter, then does that apply regardless of whether PRIV_PFEXEC is set?

Nico
--
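To make the mechanism under discussion concrete, here is an added example (not code from the thread, from Casper's project, or from Solaris): a small Python model that parses exec_attr(4)-style lines and decides what a set-uid-root binary would start with. It encodes only the two cases the quoted message describes: a set-uid-root binary with a "Forced Privilege" entry keeps its real uid and gets the listed privileges, while one without such an entry gets the "full privilege" start that Nico describes (euid 0, E = P = L). The entry names, paths, privilege names and the stand-in limit set are constructed for illustration, and whether a forced set may exceed the caller's limit set is left exactly as open as the reply leaves it.

```python
"""Toy model of the "Forced Privileges" lookup discussed in the thread.

Constructed example, not Solaris code.  It parses exec_attr(4)-format lines
(name:policy:type:res1:res2:id:attr) and models what a set-uid-root binary
would start with.  Paths, privilege names and the limit set are invented.
"""

# Stand-in for a process limit set L (constructed; not the real Solaris set).
FULL_LIMIT = frozenset({
    "net_icmpaccess", "net_rawaccess", "sys_ip_config",
    "sys_net_config", "proc_fork", "proc_exec", "file_dac_read",
})

# Constructed exec_attr(4)-style entries: name:policy:type:res1:res2:id:attr
SAMPLE_EXEC_ATTR = """\
# comment lines and blank lines are ignored

Forced Privilege:solaris:cmd:::/usr/sbin/ping:privs=sys_ip_config,net_icmpaccess,net_rawaccess
Forced Privilege:solaris:cmd:::/usr/sbin/traceroute:privs=net_icmpaccess,net_rawaccess
Network Management:solaris:cmd:::/usr/sbin/ifconfig:privs=sys_net_config
"""


def parse_exec_attr(text):
    """Return {path: {profile_name: {attr_key: [values]}}} for 'cmd' entries."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed exec_attr line: {raw!r}")
        name, _policy, typ, _res1, _res2, ident, attr = fields
        if typ != "cmd":
            continue
        attrs = {}
        for kv in filter(None, attr.split(";")):
            key, _, value = kv.partition("=")
            attrs[key] = value.split(",") if value else []
        table.setdefault(ident, {})[name] = attrs
    return table


def exec_privs(path, setuid_root, table, limit=FULL_LIMIT):
    """Model the kernel's decision at exec() of a set-uid-root binary.

    - Forced Privilege entry present: do not start as root; E = P = listed privs.
    - No entry: the 'full privilege' start, euid 0 and E = P = L.
    - Not set-uid root: nothing changes (caller's sets, modelled as empty here).
    Whether the forced set may exceed L is deliberately not decided here.
    """
    forced = table.get(path, {}).get("Forced Privilege")
    if setuid_root and forced is not None:
        privs = frozenset(forced.get("privs", []))
        unknown = privs - limit  # only a sanity check on spelling, not policy
        if unknown:
            raise ValueError(f"unknown privilege name(s) for {path}: {sorted(unknown)}")
        return {"euid_root": False, "E": privs, "P": privs}
    if setuid_root:
        return {"euid_root": True, "E": frozenset(limit), "P": frozenset(limit)}
    return {"euid_root": False, "E": frozenset(), "P": frozenset()}


if __name__ == "__main__":
    table = parse_exec_attr(SAMPLE_EXEC_ATTR)
    for path, suid in (("/usr/sbin/ping", True),
                       ("/usr/sbin/ifconfig", True),
                       ("/usr/bin/ls", False)):
        r = exec_privs(path, suid, table)
        print(f"{path}: euid_root={r['euid_root']} E={sorted(r['E'])}")
```

Note that /usr/sbin/ifconfig has an exec_attr entry here but under a different profile name, so the model treats it as "no Forced Privilege entry" and still gives the full-privilege start; that distinction is the kind of detail the reply is asking Casper to spell out.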