To support the ``patchwork'' implementation of capabilities, certain related
mechanisms had to be hardcoded. Two in particular had to be disabled, since
they did not comply with the LinSec mandatory security model:
- When a process dies, all its children are reparented to init
(function reparent_to_init, kernel/sched.c). In doing so, the capability
sets of the reparented processes are raised to the full set. Thus a process
that initially held no privileges obtains all of them once orphaned, clearly
an undesirable effect in a mandatory security environment.
- When a non-root user executes a setuid binary, the capability sets are
raised so that the process can actually assume the new owner's identity
(function prepare_binprm, fs/exec.c): for a setuid-root binary the
inheritable, permitted and effective sets are all set to full.
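The following is an added example, not LinSec or kernel code: a user-space model of the capability-set rule that the legacy prepare_binprm() applied to an exec'd file, so that the second mechanism above can be stepped through on concrete inputs. The struct and function names (exec_file, task_ids, binprm_caps, compute_binprm_caps) and the legacy_raise switch are this example's own; the switch set to false models the mechanism simply being disabled (sets left clear), which is an assumption about LinSec's behaviour, not a description of how LinSec then grants capabilities.

```c
/* Model of the legacy (pre-LSM) prepare_binprm() capability rule.
 * Added example, not LinSec or kernel code; names are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>            /* S_ISUID, S_ISGID, S_IXGRP */

typedef uint32_t cap_set_t;      /* one bit per capability, as in 2.2/2.4 */
#define CAP_FULL_SET  ((cap_set_t)~0u)
#define CAP_EMPTY_SET ((cap_set_t)0u)

struct exec_file {               /* inode/mount facts the rule consults */
    unsigned mode;               /* st_mode permission bits */
    unsigned uid, gid;           /* file owner and group */
    bool nosuid_mount;           /* MNT_NOSUID on the containing mount */
};

struct task_ids {                /* identity of the calling process */
    unsigned uid, euid, gid, egid;
};

struct binprm_caps {             /* what prepare_binprm() hands to exec */
    unsigned e_uid, e_gid;
    cap_set_t inheritable, permitted, effective;
};

/* legacy_raise == true reproduces the stock kernel rule; false models the
 * mechanism being switched off (assumption: the file sets stay clear). */
struct binprm_caps compute_binprm_caps(const struct exec_file *f,
                                       const struct task_ids *t,
                                       bool secure_noroot, bool legacy_raise)
{
    struct binprm_caps b = { t->euid, t->egid,
                             CAP_EMPTY_SET, CAP_EMPTY_SET, CAP_EMPTY_SET };

    if (!f->nosuid_mount) {
        if (f->mode & S_ISUID)
            b.e_uid = f->uid;
        /* setgid without group-exec marks mandatory locking, not a
         * setgid executable, so both bits must be present */
        if ((f->mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
            b.e_gid = f->gid;
    }

    /* The legacy rule: root identity (real or effective) raises the
     * inheritable and permitted sets; an effective uid of 0 also raises
     * the effective set. SECURE_NOROOT disables all of it. */
    if (legacy_raise && !secure_noroot) {
        if (b.e_uid == 0 || t->uid == 0) {
            b.inheritable = CAP_FULL_SET;
            b.permitted   = CAP_FULL_SET;
        }
        if (b.e_uid == 0)
            b.effective = CAP_FULL_SET;
    }
    return b;
}

static void show(const char *label, struct binprm_caps b)
{
    printf("%-34s e_uid=%u inh=%08x perm=%08x eff=%08x\n",
           label, b.e_uid, b.inheritable, b.permitted, b.effective);
}

int main(void)
{
    /* constructed inputs: a setuid-root file and an unprivileged caller */
    struct exec_file suid_root = { 04755, 0, 0, false };
    struct exec_file plain     = { 00755, 1000, 1000, false };
    struct exec_file nosuid    = { 04755, 0, 0, true };
    struct task_ids  user      = { 1000, 1000, 1000, 1000 };
    struct task_ids  root      = { 0, 0, 0, 0 };

    show("user -> suid-root (legacy)",   compute_binprm_caps(&suid_root, &user, false, true));
    show("user -> suid-root (nosuid)",   compute_binprm_caps(&nosuid,    &user, false, true));
    show("user -> suid-root (NOROOT)",   compute_binprm_caps(&suid_root, &user, true,  true));
    show("root -> plain file (legacy)",  compute_binprm_caps(&plain,     &root, false, true));
    show("user -> suid-root (disabled)", compute_binprm_caps(&suid_root, &user, false, false));
    return 0;
}
```

The first case is the one the text objects to: an unprivileged caller executing a setuid-root file leaves prepare_binprm() with all three file sets full, so the resulting process is fully privileged regardless of what it held before. The nosuid and SECURE_NOROOT cases show the two stock-kernel ways of suppressing that raise, and the root-caller case shows that a real uid of 0 alone raises inheritable and permitted but not effective.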