Re: caps in elf, next iteration (the hack gets bigger)

Richard Gooch (rgooch@atnf.csiro.au)
Tue, 13 Apr 1999 23:18:17 +1000


Horst von Brand writes:
> Richard Gooch <rgooch@atnf.csiro.au> said:
>
> [...]
>
> > This to me is one of the real blind-spots of some people who are
> > pushing capabilities. There is absolutely no need to remove the
> > privileges of the root account. By default root has all capabilities.
>
> The whole idea of capabilities is to get rid of all-powerful users, to
> split the root powers among several people where _nobody_ has all
> powers. Any scheme that keeps a root of some sort is broken.

Whoever can grant caps is in effect all-powerful.

> > Capabilities are a good thing, as they give more flexibility. But
> > there simply is no need to cripple root.
>
> Then give root all capabilities. "To cripple root", as you call it, is not
> _needed_, but it is essential to be _able to do it_, else you can get just
> a fraction of the security benefits out of this scheme.

What exactly do you see as the benefits of a crippled root? Compare
that with a system where there is no root account, but euid=0 means
all caps to the kernel. What are the real benefits?

Regards,

Richard....
