Re: setuid/setgid technology - OLD and NASTY

Linus Torvalds (torvalds@transmeta.com)
Fri, 17 Jul 1998 10:26:45 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin Mares: "Re: v2.1.109 memory fragmentation"
Previous message: Martin Mares: "Re: v2.1.109 memory fragmentation"

On Fri, 17 Jul 1998, Linux Kernel list wrote:
>
> Setuid/setgid technology is an old technology belonging to the 70's.
> It was pretty confortable at that time but now it's not really actual and
> it's more like a pain in the system. It would be possible to replace this
> with 'something' - you decide what - in kernel land with something really
> secure. It's near year 2000 now. I would love to see Linux get rid of this
> kind of ballast.

Simple == secure.

ACL's, capabilities etc may be secure in theory, but give me a simple
security model any day, and it's likely to be more secure in practice.

We have support for finer-grained security these days, but it will never
be a replacement for setgid/setuid.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Martin Mares: "Re: v2.1.109 memory fragmentation"
Previous message: Martin Mares: "Re: v2.1.109 memory fragmentation"