Re: [2.6 patch] remove securebits

[Serge E. Hallyn]

Quoting Adrian Bunk (bunk@xxxxxxxxxx):
> On Fri, Aug 24, 2007 at 08:50:10PM -0700, Andrew Morgan wrote:
> > 
> > FWIW, in the mm kernel, I've actually already removed them when one
> > configures without capabilities.
> > 
> > http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc3/2.6.23-rc3-mm1/broken-out/v3-file-capabilities-alter-behavior-of-cap_setpcap.patch
> > 
> > Other than writing a custom module, so far as I can tell, there is/was
> > no way to set them anyway.
> > 
> > I'd obviously prefer to wait for the mm-merge process to complete and
> > minimize the churn in this area, but I basically agree that the bits as
> > implemented are pretty useless in their current form. In a per-process
> > mode (with filesystem capability support) they are much more useful...
> 
> It was in the tree for nine years (sic) without a single user...

That's because without file capabilities there was no way for a process
to retain capabilities across exec, so not having a privileged root user
was simply not workable.

> Are you only improving a dead horse, or do you also have a rider for the 
> improved dead horse?

It will allow process trees to run with strict capabilities, without a
root user which automatically gains full capabilities.  That wasn't
possible without file capabilities, since there was no way for processes
to retain capabilities across exec.  Now that we have file capabilities,
it is feasible, and it certainly is useful.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/