OK, so it seems we agree that the suid-root approach is better than
the sticky bit approach.
Putting caps into FS metadata has its own problems: breaking large
numbers of programmes, NFS/CODA and more.
So the question is: is it better to have an ideologically pure caps
system (i.e. euid=0 means nothing), with the cost of breaking
everything, or is it better to have a practical caps system (where
euid=0 means all caps, but there might not be a root account) which is
100% compatible and secure?
I'm heavily in favour of a practical system. In fact, there's no
reason we can't have both. The practical system can be implemented in
user space (use a CAP ELF header and put magic into the dynamic
loader) if you want. For the purists, go ahead and put caps into FS
metadata and #ifdef out all the places in the kernel where euid=0
means something.
Let the marketplace decide which scheme wins.
Regards,
Richard....
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/