On Mon, Dec 10, 2012 at 11:13 AM, Casey Schaufler <ca...@schaufler-ca.com> wrote:
> On 12/10/2012 10:12 AM, Andy Lutomirski wrote:
>> I think that the Windows approach is worth looking at. See here:
>>
>> http://msdn.microsoft.com/en-us/library/windows/desktop/aa375202%28v=vs.85%29.aspx
>>
>> In the Windows model, each capability ("privilege") can be in one of
>> three states: enabled (i.e. working right now),
>
> Effective
>
>> permitted (i.e.
>> available upon request but not currently enabled),
>
> Permitted
>
>> or removed
>> (disallowed to this process and all of its children).
>
> ~Inherited
No. It's ~Inherited in a world where every binary has fI = everything.

>
>> Permitted
>> privileges are always inherited when a child process is created.
>>
>> This is *way* simpler than Linux's model, and it works just fine*.
>
> I see a different set of complications, and Windows never had
> a setuid bit to contend with. God created the universe in seven
> days, but then, He didn't have an installed base.
>

What are those complications?

Also, I think we really could get rid of setuid without breaking anything
with a bit of extra (non-capability-related) plumbing work.

--Andy

--
Andy Lutomirski
AMA Capital Management, LLC

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
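The point Andy and Casey are arguing (whether Windows' "removed" privilege state really maps onto a cleared Linux inheritable bit) can be checked with a bit-mask model. The following is an added example written for this thread, not kernel code and not Microsoft's; all names (privset_t, win_*, lnx_*, CAP_A, CAP_B) are invented for illustration. It assumes the Linux execve rule as documented in capabilities(7) at the time (pre-ambient, non-setuid-root path) and models CreateProcess as a straight copy of the parent's token, with SE_PRIVILEGE_REMOVED deleting a privilege from the token for good.

```c
/*
 * Added example for this thread (not kernel code, not Microsoft's): a bit-mask
 * model of the two privilege-propagation schemes under discussion, so the
 * claim "~Inherited only when every binary has fI = everything" can be
 * checked mechanically. Names (privset_t, win_*, lnx_*) are invented here.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t privset_t;          /* one bit per privilege / capability */
#define CAP_A    ((privset_t)1 << 0)
#define CAP_B    ((privset_t)1 << 1)
#define ALL_CAPS (~(privset_t)0)

/* Windows token as described in the thread: a privilege is enabled, permitted
 * (present, currently disabled) or removed (gone from the token). */
struct win_token { privset_t permitted, enabled; };

/* Linux process capability sets, pre-ambient rules as they stood in 2012. */
struct lnx_caps  { privset_t permitted, effective, inheritable; };

/* File capabilities on the executable being exec'd (fP, fI, fE). */
struct lnx_fcaps { privset_t permitted, inheritable; bool effective; };

/* SE_PRIVILEGE_REMOVED: the privilege leaves the token permanently. */
static struct win_token win_remove(struct win_token t, privset_t drop)
{
    t.permitted &= ~drop;
    t.enabled   &= ~drop;
    return t;
}

/* AdjustTokenPrivileges(enable): can only turn on what is still permitted. */
static struct win_token win_enable(struct win_token t, privset_t on)
{
    t.enabled |= on & t.permitted;
    return t;
}

/* CreateProcess, as modelled here: the child gets a copy of the parent's
 * token; nothing attached to the executable takes part in the decision. */
static struct win_token win_exec(struct win_token parent)
{
    return parent;
}

/* execve transform from capabilities(7), non-setuid-root path:
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & bset)
 *   P'(effective)   = F(effective) ? P'(permitted) : 0
 *   P'(inheritable) = P(inheritable)
 */
static struct lnx_caps lnx_exec(struct lnx_caps p, struct lnx_fcaps f, privset_t bset)
{
    struct lnx_caps c;
    c.permitted   = (p.inheritable & f.inheritable) | (f.permitted & bset);
    c.effective   = f.effective ? c.permitted : 0;
    c.inheritable = p.inheritable;
    return c;
}

static struct lnx_fcaps fcaps(privset_t fP, privset_t fI, bool fE)
{
    struct lnx_fcaps f = { .permitted = fP, .inheritable = fI, .effective = fE };
    return f;
}

/* Start both models from a process holding {A, B}, "remove" B in each
 * (Windows: SE_PRIVILEGE_REMOVED; Linux: clear B from the inheritable set),
 * exec a binary carrying the given file caps with a full bounding set, and
 * report whether the two children end up with the same permitted set. */
static bool removed_matches_not_inheritable(struct lnx_fcaps f)
{
    struct win_token wt = { .permitted = CAP_A | CAP_B, .enabled = CAP_A | CAP_B };
    struct win_token wc = win_exec(win_remove(wt, CAP_B));

    struct lnx_caps lp = { .permitted = CAP_A | CAP_B, .effective = CAP_A | CAP_B,
                           .inheritable = CAP_A | CAP_B };
    lp.inheritable &= ~CAP_B;
    struct lnx_caps lc = lnx_exec(lp, f, ALL_CAPS);

    return lc.permitted == wc.permitted;
}

int main(void)
{
    struct { const char *name; struct lnx_fcaps f; } cases[] = {
        { "fI = everything, fP = none", fcaps(0, ALL_CAPS, true) },
        { "fI = none,       fP = none", fcaps(0, 0, true) },
        { "fI = everything, fP = {B} ", fcaps(CAP_B, ALL_CAPS, true) },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%s -> Windows 'removed' == Linux ~I: %s\n", cases[i].name,
               removed_matches_not_inheritable(cases[i].f) ? "yes" : "no");
    return 0;
}
```

Only the first case agrees. With fI = none the Linux child loses A as well, a capability nobody "removed"; with fP = {B} the Linux child gets B back from the file, which the Windows token can never do once the privilege is gone. So the equivalence holds exactly under the condition stated in the reply: every binary carrying fI = everything (and nothing in fP).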