Re: [PATCH] Document how capability bits work

From: Rob Landley
Date: Fri Dec 07 2012 - 20:10:00 EST


On 12/07/2012 01:32:18 PM, Andy Lutomirski wrote:
On Fri, Dec 7, 2012 at 11:21 AM, Serge Hallyn
<serge.hallyn@xxxxxxxxxxxxx> wrote:
> Quoting Andy Lutomirski (luto@xxxxxxxxxxxxxx):
>> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>> ---
>> Documentation/security/capabilities.txt | 161 ++++++++++++++++++++++++++++++++
>> 1 file changed, 161 insertions(+)
>> create mode 100644 Documentation/security/capabilities.txt
>
> TBH, I think a pointer to the capabilities.7 man page would be better.
> (plus, if you feel they are needed, updates to the man page)

Updating capabilities.7 wouldn't be a bad idea, but IMO it certainly
needs work. For example, it says:
...
I would be happy to revise this patch to reference capabilities.7.

The capabilities.7 man page is existing maintained documentation on how to use this from userspace, which seems to be the point of your document. Having include/linux/uapi/capability.h mention its existence might be good. Feeding fixes to the documentation we've already got would be good.

I read your document having largely ignored capabilities for years, and don't feel I have a better understanding of them after reading it. (I'm aware they exist, I'm aware they're used as a justification for extended attributes, I'm aware people think breaking a fireplace into a bunch of candleflames increases fire safety. I'm aware of http://forums.grsecurity.net/viewtopic.php?f=7&t=2522 and I _used_ to be aware of http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html but kernel.org never bothered putting most of itself back together after the breakin last year and archive.org doesn't have a copy. I'm aware that a decade ago at Atlanta Linux Showcase in california Ted Tso was sad nobody was using them yet. But I haven't hugely been tracking changes over the last 5 years in how they work. It looks like figuring out who has what involves working through exercises in set theory that cannot be explained using a 127 bit ascii set. Personally, I prefer "more dangerous" security setups that don't require I pull out scratch paper to reason about the state of the system, so perhaps I'm biased here.)

Rob--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/