Re: Improving capabilities support: need your opinion

Casey Schaufler (casey@anchovy.engr.sgi.com)
Fri, 11 Jun 1999 09:45:31 -0700 (PDT)


> Sorry for the long message, but I'm working on an extension of the linux
> capabilities to support fine-grained capabilities to access specified files

This is a Really Bad idea. DG/UX has over 330 capabilities (at last count)
at least in part because they decided to to this. That many capabilities
makes them hard to use and administer. I realize that you used a single
capability, but you will no doubt get many suggestions to break it up.

Based on your problem description, you might want to consider implementing
program access lists. You could associate a list of programs or program
attributes which would be required for a process to access a file.
Alternativly, you could implement an integrity policy, and mark these
files as HighIntegrity, and require processess which modify
them to also be marked thus. That's what we did with Trusted Irix,
and it makes it quite clear which files are important for the system.

Casey Schaufler voice: (650) 933-1634
casey@sgi.com fax: (650) 933-0170

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/