CAPs
James Buster
bitbug at seal.engr.sgi.com
Fri Nov 5 23:40:30 GMT 1999
On Nov 5, 2:15pm, Andrew Morgan wrote:
} Linux's CAP_SETPCAP will go away when there is real filesystem support
} for capabilities.
Why? Being able to change your capability set in violation of security
policy has nothing to do with the filesystem.
} IRIX's CAP_SETPCAP seems less of a problem - at least
} you can audit which processes can benefit from it!
Audit wouldn't be a problem for Linux, either. I'm not sure what
you mean here.
} How does it differ in reality from raising all forced capabilities for
} the login/su programs?
There's no reason for login/su to have CAP_DAC_READ_SEARCH capability
when, from a policy standpoint, what it wants to do is set its capability
set to an arbitrary value according to what the user requests (and is
permitted). Giving it a capability just so it can retain or give up that
capability later is a mistake. The capabilities a process has should
closely mirror the activities required of it.
--
Planet Bog -- pools of toxic chemicals bubble under a choking
atmosphere of poisonous gases... but aside from that, it's not
much like Earth.
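The last paragraph argues that login/su should compute a user's capability set from policy and install it, instead of holding CAP_DAC_READ_SEARCH only so it can keep or drop it later. The following is an added example of that approach in C; it is not code from this post, from Linux, or from any login/su implementation. The per-user policy table, the EX_ names, and the struct layouts copied from the Linux capset(2) ABI are assumptions made here. The decision function refuses any request outside the user's ceiling and never hands out CAP_SETPCAP; the capset step needs a Linux host and a caller that already holds the requested bits (root at login time).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

/* Capability numbers as assigned in <linux/capability.h>, restated here so
 * the policy logic compiles without the kernel headers. */
#define EX_CAP_CHOWN            0
#define EX_CAP_DAC_READ_SEARCH  2
#define EX_CAP_SETPCAP          8
#define EX_CAP_NET_BIND_SERVICE 10
#define EX_CAP_SYS_ADMIN        21
#define CAPBIT(c) (UINT64_C(1) << (c))

/* Hypothetical site policy (constructed for this example): the most each
 * user may hold in a session. */
struct user_policy { const char *user; uint64_t ceiling; };
static const struct user_policy POLICY[] = {
    { "backup", CAPBIT(EX_CAP_DAC_READ_SEARCH) },
    { "www",    CAPBIT(EX_CAP_NET_BIND_SERVICE) | CAPBIT(EX_CAP_CHOWN) },
    { "admin",  CAPBIT(EX_CAP_SYS_ADMIN) | CAPBIT(EX_CAP_SETPCAP) },
    { "guest",  0 },
};

/* Ceiling for a user; unknown users get nothing. CAP_SETPCAP is masked out
 * unconditionally: a session holding it could rewrite this very decision. */
uint64_t session_ceiling(const char *user) {
    size_t i;
    for (i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (strcmp(POLICY[i].user, user) == 0)
            return POLICY[i].ceiling & ~CAPBIT(EX_CAP_SETPCAP);
    return 0;
}

/* Decide the session set: exactly what the user asked for, but only if every
 * requested bit lies inside the ceiling. Returns 0 and stores the mask in
 * *out (when out is non-NULL); returns -1 with errno = EPERM otherwise. */
int session_caps_for(const char *user, uint64_t requested, uint64_t *out) {
    if (requested & ~session_ceiling(user)) { errno = EPERM; return -1; }
    if (out) *out = requested;
    return 0;
}

/* Kernel ABI for capset(2), mirroring <linux/capability.h>: a header naming
 * the 64-bit capability layout (version 3, pid 0 = calling thread) and two
 * 32-bit words per set. */
struct ex_cap_hdr  { uint32_t version; int pid; };
struct ex_cap_data { uint32_t effective, permitted, inheritable; };
#define EX_CAP_VERSION_3 0x20080522u

/* Install the decided set: permitted == effective == the session mask and an
 * empty inheritable set, so nothing extra survives the exec() of the user's
 * shell. The caller must already hold a superset (root at login time); the
 * kernel rejects any attempt to raise permitted. Non-Linux hosts get ENOSYS. */
int apply_session_caps(uint64_t caps) {
#ifdef __linux__
    struct ex_cap_hdr hdr = { EX_CAP_VERSION_3, 0 };
    struct ex_cap_data data[2];
    memset(data, 0, sizeof data);
    data[0].permitted = data[0].effective = (uint32_t)(caps & 0xffffffffu);
    data[1].permitted = data[1].effective = (uint32_t)(caps >> 32);
    return (int)syscall(SYS_capset, &hdr, data);
#else
    (void)caps;
    errno = ENOSYS;
    return -1;
#endif
}

int main(void) {
    uint64_t caps;
    /* A "backup" login asking for the one capability its job needs. */
    if (session_caps_for("backup", CAPBIT(EX_CAP_DAC_READ_SEARCH), &caps) != 0) {
        perror("request exceeds policy");
        return 1;
    }
    if (apply_session_caps(caps) != 0) {
        perror("capset");            /* EPERM unless started as root */
        return 1;
    }
    printf("session capability mask: 0x%016llx\n", (unsigned long long)caps);
    return 0;
}
```

Run as an unprivileged user, the policy decision succeeds and capset() fails with EPERM, which is the kernel refusing to let a process raise its permitted set; started as root, as login would be, the call succeeds and the session continues with exactly the mask shown, with no capability held merely so it can be given up later.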