"Theodore Ts'o" <tytso@mit.edu> writes:
> Ugh. Personally, as I've said, I'm not convinced filesystem
> capabilities is worth it, providing the illusion of security --- and
Like ACL? SCNR :-)
> probably will make most systems more insecure because most system
> administrators won't be able to deal with fs capabilties competently.
I still don't get it. How is this different from suid root. The worst
I can imagine is an admin doing chcap all+eip, which is no different
from doing a chown root; chmod u+s.
> HOWEVER, if we're going to do it, Olaf's patches is really not the way
> to do it. If we're going to do it at all, the right way to do it is
> via extended attributes. Using a sparse file to store capabilities
> indexed by inode numbers is a bad idea; it will break if the user uses
> resize2fs on an ext2/3 filesystem, for example.
Dragging yet another one out of you. This is a pretty strong argument
against my implementation. Any other hints?
Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Nov 07 2002 - 22:00:24 EST