> Date: Wed, 21 Apr 1999 13:39:09 -0700 (PDT)
> From: Y2K <y2k@y2ker.com>
>
> > No, because "more" wouldn't have any capabilities in its "inheritable"
> > set, so it would NOT inherit any capabilities which its parents had.
>
> Thats not very compatible, right now if the parent has the caps they flow
> to their children. Actually for linux2.2.6 it appears that if ruid=0 or
> euid=0 all caps are raised else all caps are droped upon exec.
>
> Sometimes, to be secure, you have to break compatibility. Period.
>
> Sure, using capabilities will be an option, but people who turn it on
> will have to expect different behaviours in order to be fully secure.
Fully secure == powered off, disconnected from the net, embedded into
concrete block and put into the collapsed mine. There is no such thing as
full security.
> Someone who is used to running as root all the time will certainly
> experience compatibility problems when they first start running as a
> non-privileged user 100% of the time. This is a similar transition.
Great. Except that you broke sudo, gave special attributes to half
of fileutils, broke perl scripts running from crontab (unless you bestow
full-caps on perl, or, better yet, keep a copy for each possible
combination of caps). With all due respect, is this proposal backed by
a single *working* system or is it a committee-designed OSIesque? In other
words, is it a codification of existing practice (on some research system,
whatever)? It may be a low blow, but... do you remember the late OSI/ISO?
If you can show the existing implementation - my thanks and apologies.
Otherwise... I dearly hope that it will not make its way into the official
tree. For a year or two.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/