Re: [PATCH] capabilites, take 2

[Chris Wright]

* Valdis.Kletnieks@xxxxxx (Valdis.Kletnieks@xxxxxx) wrote:
> On Thu, 13 May 2004 18:20:10 PDT, Chris Wright said:
> 
> > I think it still needs more work.  Default behavoiur is changed, like
> > Inheritble is full rather than clear, setpcap is enabled, etc.  Also,
> > why do you change from Posix the way exec() updates capabilities?  Sure,
> > there is no filesystem bits present, so this changes the calculation,
> > but I'm not convinced it's as secure this way.  At least with newcaps=0.
> 
> The last time the "capabilities" thread reared its head a while ago, Andy made
> a posting that pretty conclusively showed that the Posix way was totally b0rken
> if you ever intended to support filesystem bits.  So if you wanted to ever have
> a snowball's chance of supporting something like:
> 
> chcap cap_net_raw+ep /bin/ping

It's still not clear that's what we want.  For now, just being able to have
the sucap equiv to sudo would be nice.  And it's very uncomfortable to
change mainline in subtle ways that could break security during stable
series.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/