Y2K <y2k@y2ker.com> wrote:
> I don't like the idea of completely sacrificing standard practices
> like the use of file utils and shell scripting on the alter of "pure"
> caps.
That's reasonable -- that probably means you don't want to be crippled
as an administer.
> And to boot I think it is misguided.
Er.. what's misguided. Or are you responding to something I didn't
write?
> My point being that for these it is plainly absurd to make the
> security decisions based on any particular set of caps. #3 is best
> served by very carefuly writing either one or a series of admin
> programs that is cap enhanced by fP.
No, this approach does have some merit.
However, remember that ultimate security requires ultimate simplicity.
The point of caps is to >>limit<< the scope of required auditing.
And, there are some applications where caps achieve this end. These
applications, by nature, must be very rigidly defined and narrow in
scope.
I wouldn't want to go so far as to say that there will never be a linux
distribution that uses fine grained privilege masks in the file system.
However: I think I'm safe to say that if such a system (or distribution)
is done right it's not going to be what we currently think of as a
general purpose system (/distribution).
> Maybe they should take a look at linuxconf and add lots of policy to
> it. Neither "soiled" or "pure" caps has any real direct benefite to
> these people.
Sure, linuxconf is aiming to address a very general (almost open ended)
problem. By definition, if you want crippled administrators you can't
be having them address general case problems.
-- Raul- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/