Re: posix capabilities inheritance

From: David Wagner
Date: Fri Oct 24 2003 - 16:01:54 EST

Next message: David Wagner: "Re: [RFC] frandom - fast random generator module"
Previous message: David Ford: "suspend-to-ram problem, 2.6.0-test8"
In reply to: Andy Lutomirski: "Re: posix capabilities inheritance"
Next in thread: Andy Lutomirski: "Re: posix capabilities inheritance"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andy Lutomirski wrote:
>I've been programming Windows for a long time, and windows has a
>capability system. [...] All capabilities are disabled by default (almost --
>there's a pointless exception, of course). The result is that every
>program that uses a privileged function (e.g. change the time, restart,
>etc.) wraps that call with something that turns enables the capability
>at first, then disables it. This has no benefit -- a hijacked
>privileged program can still enable them, and the admin never sees this,
>because everything enables them.

Actually, it does have some benefits. If I do an open() somewhere
else in the code, I know that it is not going to unintentionally use
my elevated privileges. That's useful. Least privilege, and all that.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Wagner: "Re: [RFC] frandom - fast random generator module"
Previous message: David Ford: "suspend-to-ram problem, 2.6.0-test8"
In reply to: Andy Lutomirski: "Re: posix capabilities inheritance"
Next in thread: Andy Lutomirski: "Re: posix capabilities inheritance"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]