Re: [PATCH] Document how capability bits work

From: Michael Kerrisk (man-pages)
Date: Sun Dec 09 2012 - 04:54:55 EST


Andy,

On Sat, Dec 8, 2012 at 2:27 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> On Fri, Dec 7, 2012 at 5:10 PM, Rob Landley <rob@xxxxxxxxxxx> wrote:
>> On 12/07/2012 01:32:18 PM, Andy Lutomirski wrote:
>>>
>>> On Fri, Dec 7, 2012 at 11:21 AM, Serge Hallyn
>>> <serge.hallyn@xxxxxxxxxxxxx> wrote:
>>> > Quoting Andy Lutomirski (luto@xxxxxxxxxxxxxx):
>>> >> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
>>> >> ---
>>> >> Documentation/security/capabilities.txt | 161
>>> >> ++++++++++++++++++++++++++++++++
>>> >> 1 file changed, 161 insertions(+)
>>> >> create mode 100644 Documentation/security/capabilities.txt
>>> >
>>> > TBH, I think a pointer to the capabilities.7 man page would be better.
>>> > (plus, if you feel they are needed, updates to the man page)
>>>
>>> Updating capabilities.7 wouldn't be a bad idea, but IMO it certainly
>>> needs work. For example, it says:
>>
>> ...
>>
>>> I would be happy to revise this patch to reference capabilities.7.
>>
>>
>> The capabilities.7 man page is existing maintained documentation on how to
>> use this from userspace, which seems to be the point of your document.
>> Having include/linux/uapi/capability.h mention its existence might be good.
>> Feeding fixes to the documentation we've already got would be good.
>>
>> I read your document having largely ignored capabilities for years, and
>> don't feel I have a better understanding of them after reading it. (I'm
>> aware they exist, I'm aware they're used as a justification for extended
>> attributes, I'm aware people think breaking a fireplace into a bunch of
>> candleflames increases fire safety. I'm aware of
>> http://forums.grsecurity.net/viewtopic.php?f=7&t=2522 and I _used_ to be
>> aware of
>> http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html but
>> kernel.org never bothered putting most of itself back together after the
>> breakin last year and archive.org doesn't have a copy. I'm aware that a
>> decade ago at Atlanta Linux Showcase in california Ted Tso was sad nobody
>> was using them yet. But I haven't hugely been tracking changes over the last
>> 5 years in how they work. It looks like figuring out who has what involves
>> working through exercises in set theory that cannot be explained using a 127
>> bit ascii set. Personally, I prefer "more dangerous" security setups that
>> don't require I pull out scratch paper to reason about the state of the
>> system, so perhaps I'm biased here.)
>
> Heh. I agree this stuff is shockingly complicated. (And this
> document isn't wriiten in ASCII...)
>
> I actually wrote this file because I was reading the code and trying
> to figure out wtf was going on. This is the result :) I'll see if I
> can improve capabilities.7.
>
> Any pointers to things you wanted to understand?

Indeed, it strikes me that a patch to capabilities.7 would be best.
This is all about user-visible stuff, and hiding things in a kernel
source file is not very user visible.

capabilities.7 is a big page. It would be best to break the patch into
logically distinct pieces, if that can be sensibly done.

Cheers,

Michael


--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Author of "The Linux Programming Interface"; http://man7.org/tlpi/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/