CAPs

James Buster bitbug at seal.engr.sgi.com
Fri Nov 5 23:40:30 GMT 1999


On Nov 5,  2:15pm, Andrew Morgan wrote:
} Linux's CAP_SETPCAP will go away when there is real filesystem support
} for capabilities.

Why? Being able to change your capability set in violation of security
policy has nothing to do with the filesystem.

} IRIX's CAP_SETPCAP seems less of a problem - at least
} you can audit which processes can benefit from it!

Audit wouldn't be a problem for Linux, either. I'm not sure what
you mean here.

} How does it differ in reality from raising all forced capabilities for
} the login/su programs?

There's no reason for login/su to have CAP_DAC_READ_SEARCH capability
when, from a policy standpoint, what it wants to do is set its capability
set to an arbitrary value according to what the user requests (and is
permitted). Giving it a capability just so it can retain or give up that
capability later is a mistake. The capabilities a process has should
closely mirror the activities required of it.

-- 
Planet Bog -- pools of toxic chemicals bubble under a choking
atmosphere of poisonous gases... but aside from that, it's not
much like Earth.
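The point above, that a process's capability set should mirror the activities required of it and that one should be able to audit which processes hold CAP_SETPCAP, can be checked mechanically. The following is an added example, not code from this thread or its participants: it decodes the CapPrm mask from a Linux /proc/&lt;pid&gt;/status record (a format assumed here, with the first 32 capability bit numbers from the Linux ABI) and compares it against a hand-written, constructed policy of which capabilities each program is expected to need.

```python
# Audit Linux process capability sets for privilege beyond a stated policy.
# Added example; assumes the /proc/<pid>/status layout (CapPrm as a hex mask)
# and uses the first 32 Linux capability bit numbers, in ABI order.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
]

# Constructed policy (an assumption for this example): the capabilities each
# program legitimately needs. Anything beyond this is flagged as excess.
POLICY = {
    "login": {"CAP_SETUID", "CAP_SETGID", "CAP_CHOWN", "CAP_FOWNER"},
    "httpd": {"CAP_NET_BIND_SERVICE"},
}

def decode_mask(hexmask):
    """Expand a CapXxx hex mask from /proc/<pid>/status into capability names."""
    value = int(hexmask, 16)
    return {CAP_NAMES[bit] for bit in range(len(CAP_NAMES)) if (value >> bit) & 1}

def parse_status(text):
    """Turn 'Key:\\tvalue' lines of a status record into a dict."""
    fields = {}
    for line in text.splitlines():
        key, _, val = line.partition(":")
        fields[key.strip()] = val.strip()
    return fields

def audit(status_text):
    """Report CAP_SETPCAP possession and any permitted caps outside POLICY."""
    fields = parse_status(status_text)
    name = fields["Name"]
    permitted = decode_mask(fields["CapPrm"])
    return {
        "name": name,
        "setpcap": "CAP_SETPCAP" in permitted,   # can alter its own cap set
        "excess": sorted(permitted - POLICY.get(name, set())),
    }

# Constructed sample records (not captured from a real system).
# login: bits 0,2,3,6,7,8 set -> CHOWN, DAC_READ_SEARCH, FOWNER, SETGID, SETUID, SETPCAP
SAMPLE_LOGIN = "Name:\tlogin\nPid:\t1234\nCapInh:\t0000000000000000\nCapPrm:\t00000000000001cd\nCapEff:\t00000000000001cd\n"
# httpd: only bit 10 set -> CAP_NET_BIND_SERVICE
SAMPLE_HTTPD = "Name:\thttpd\nPid:\t2345\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n"

if __name__ == "__main__":
    for record in (SAMPLE_LOGIN, SAMPLE_HTTPD):
        print(audit(record))
```

On a live system the same audit() can be fed the contents of each /proc/&lt;pid&gt;/status file; the login sample is flagged for exactly the two capabilities the post argues it should not hold.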