[...]
> This to me is one of the real blind-spots of some people who are
> pushing capabilities. There is absolutely no need to remove the
> privileges of the root account. By default root has all capabilities.
The whole idea of capabilities is to get rid of all-powerful users, to
split the root powers among several people where _nobody_ has all
powers. Any scheme that keeps a root of some sort is broken.
[...]
> Capabilities are a good thing, as they give more flexibility. But
> there simply is no need to cripple root.
Then give root all capabilities. "To cripple root", as you call it, is not
_needed_, but it is essential to be _able to do it_, else you can get just
a fraction of the security benefits out of this scheme.
Yet again: A pure capability system just has no "root". It is quite a
different type of beast as the Unix systems we all are accustomed to.
-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/