
CLOSE 768252 - Linux-specific permission checking needs to be resolved.

To: kpreslan@xxxxxxxxxxxxxxxxxxxx
Subject: CLOSE 768252 - Linux-specific permission checking needs to be resolved.
From: pv@xxxxxxxxxxxxxxxxxxxxxx (lord@xxxxxxx)
Date: Wed, 28 Jun 2000 08:08:39 -0700 (PDT)
Cc: slinx-xfs@xxxxxxxxxxxxxxxxxxxx, casey@xxxxxxxxxxxxxxxxxxxx, linux-xfs@xxxxxxxxxxx
Reply-to: sgi.bugs.xfs@xxxxxxxxxxxxxxxxx
Sender: owner-linux-xfs@xxxxxxxxxxx
Webexec: bugs_update,pvincident
Webpv: 192.82.201.231
View Incident: 
http://co-op.engr.sgi.com/BugWorks/code/bwxquery.cgi?search=Search&wlong=1&view_type=Bug&wi=768252

*Status : closed                       Priority : 2                         
 Assigned Engineer : kpreslan          Submitter : mostek                   
 Opened Date : 09/23/99               *Closed Date : 06/28/00               
*Fixed By : lord                      *Fixed By Domain : sgi.com            
*Modified Date : 06/28/00             *Modified User : lord                 
*Modified User Domain : sgi.com       *Fix Description :
==========================
ADDITIONAL INFORMATION (CLOSE)
From: lord@xxxxxxx (BWX)
Date: Jun 28 2000 08:08:38AM
==========================

Closing PVs which were fixed in the XFS Linux port a long time
ago.
Description :
Security issues need to be resolved.
        i.) creds are used throughout XFS. These need to be correctly
set-up on Linux. For now, the assumption is that a sys_cred will work because
Linux already does permission checking everywhere. Is this true?
        ii.) capabilities and ACLs need to be studied. On IRIX, these are
kept as extended attributes.

==========================
ADDITIONAL INFORMATION (UPDATE)
From: mostek@xxxxxxx (BWX)

.....


==========================
ADDITIONAL INFORMATION (ADD)
From: kpreslan@engr (BugWorks)
Date: Oct 05 1999 01:14:13PM
==========================

Currently, Linux supports giving capabilities to processes.  There are system
calls capget and capset that access the capabilities of a process or
group of processes.

There is no support in 2.2 or 2.3 for attaching capabilities to files (which
is what we're interested in).  However, there is a 3rd party patch to add the
new inode operation that allows capabilities.  The inode operation could call
XFS code to do the standard XFS capability stuff in the extended attributes.

With Linus' feature freeze for 2.4, I doubt the patch could make it into the
standard kernel before 2.5.  So, unless someone thinks capabilities are
really important for the initial release, I suggest we put it off for now.

The URL for the capability patch is:
http://www.us.kernel.org/pub/linux/libs/security/linux-privs/
