Re: Capabilities

From: Gregory Maxwell (greg@linuxpower.cx)
Date: Tue Feb 22 2000 - 07:26:08 EST

Next message: Andris Pavenis: "[PATCH] Re: One more boobytrap needed for 2.2.15pre ?"
Previous message: Stephen C. Tweedie: "Re: accept() improvements for rt signals"
In reply to: Pavel Machek: "Re: Capabilities"
Next in thread: Theodore Y. Ts'o: "Re: Capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 22 Feb 2000, Pavel Machek wrote:

> If capabilities are not present on ISO, how are you going to install
> your system. If you don't have capabilities on NFS, how secure are
> your workstations going to be?

Simple, the install kernel is special and runs the entire install process
with full caps.

If you don't have caps on NFS you'll be real secure, as nothing on NFS
will run with extra privs, SUID on NFS is a security sin in most
enviroments.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andris Pavenis: "[PATCH] Re: One more boobytrap needed for 2.2.15pre ?"
Previous message: Stephen C. Tweedie: "Re: accept() improvements for rt signals"
In reply to: Pavel Machek: "Re: Capabilities"
Next in thread: Theodore Y. Ts'o: "Re: Capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:30 EST