CAPs

Robert Watson robert at cyrus.watson.org
Thu Sep 30 23:34:11 GMT 1999


On Thu, 30 Sep 1999, Ilmar S. Habibulin wrote:

> I think I will try to implement capabilities under FreeBSD. Tomorrow I
> will print the POSIX capabilities pages to read them on the weekend and maybe till
> the end of October we will have this code.

Ilmar,

You may want to take a look at my capabilities-related post earlier this
year, and also at the Linux implementation.  My main objection to the
POSIX.1e capabilities was that many of them seem equivalent when viewed in
the context of UNIX.  For example, the ability to read any file or write
any file can give you control over the authentication system, etc.
However, the Linux people have defined a set of capabilities that are
perhaps more useful in a traditional UNIX environment rather than one
completely rewritten to be a trusted operating system.

A few days ago I made a post to freebsd-security about an alternative
approach to capabilities that could hide behind a POSIX.1e interface.  Why
don't I forward a copy onto the posix1e list and perhaps it can give us
some food for thought.

The real barrier to plain-old-bitwise capabilities is getting file system
integration--as I understand it, this has held up the Linux folks.  I
believe they have all the code in a kernel, but that Ext2fs doesn't have
the meta-data available.

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
