RE: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

From: pavel-velo@bug.ucw.cz
Date: Thu Jan 02 1997 - 19:47:07 EST


>> which spawned an entire OTHER
>> argument on how that should be done. (ext2+caps,elfcap,et al)
>
>Yep. Capabilities in ext2 is just wrong. Using ELF is merely bad.
>This is a UNIX clone you know; you can't make it into VMS.

Why not? Elfcap is a simple hack that does not break anything. Capabilities *are* useful for simple tasks already. I do not know about VMS, but the current system has practical uses.

>Ever wonder why? The system is not compatible with UNIX.
>It isn't even safe. This is making MAC look easy, since at
>least MAC operates "outside" the normal security system.

An elfcap-ed ping would be slightly more secure than the current ping. What is unsafe about capabilities?

>I know one way to fix all this. It is not nearly as fancy, but at
>least it doesn't cause so many incompatibilities. Do the obvious.
>Have UID-to-capability and GID-to-capability tables in the kernel.
>Load them early in the boot or via a trusted daemon. This doesn't

That is just plain ugly. Elfcap is very nice compared to this.

>have any "way cool" inheritance algorithms to confuse admins and
>programs alike. It just works. Across an exec, capabilities must
>be fully enabled for compatibility. Capability-aware programs
>could disable unneeded privilege as the first step in main.

Isn't dropping unneeded privileges exactly what the other person said he is doing?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
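The "disable unneeded privilege as the first step in main" idea from the quoted proposal, as an added example that is not part of this thread: a ping-like program keeps only CAP_NET_RAW and drops everything else via the raw capget/capset syscalls (Linux, glibc, no libcap). The function names cap_mask, caps_permitted and keep_only are this example's own.

```c
#include <errno.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Bit mask for a list of capability numbers (CAP_NET_RAW is 13). */
uint64_t cap_mask(const int *caps, size_t n)
{
    uint64_t m = 0;
    for (size_t i = 0; i < n; i++)
        if (caps[i] >= 0 && caps[i] < 64)
            m |= (uint64_t)1 << caps[i];
    return m;
}

/* Read the calling process's permitted set as a 64-bit mask; -1 on error. */
int64_t caps_permitted(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { {0, 0, 0}, {0, 0, 0} };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    return (int64_t)(((uint64_t)data[1].permitted << 32) | data[0].permitted);
}

/* Keep only `keep` in permitted+effective and clear inheritable so nothing
 * leaks across a later exec. Shrinking is always allowed (keep == 0 works
 * unprivileged); keeping a capability not held fails with -EPERM. */
int keep_only(uint64_t keep)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    data[0].effective = data[0].permitted = (uint32_t)keep;
    data[1].effective = data[1].permitted = (uint32_t)(keep >> 32);
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -errno;
}

int main(void)
{
    const int needed[] = { CAP_NET_RAW };   /* all a ping needs */
    int rc = keep_only(cap_mask(needed, 1)); /* first step of main */
    if (rc != 0)
        fprintf(stderr, "keep_only: %s\n", strerror(-rc));
    printf("permitted now: %#llx\n", (unsigned long long)caps_permitted());
    return rc == 0 ? 0 : 1;
}
```

Run as an unprivileged user it reports EPERM (no CAP_NET_RAW to keep), which is the check that the program is not silently running with more than it asked for.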