From: "Theodore Ts'o" <tytso@mit.edu>
To: linux-kernel@vger.kernel.org
Subject: Re: Posix capabilities
Date: Wed, 16 Oct 2002 23:26:20 -0400 [thread overview]
Message-ID: <20021017032619.GA11954@think.thunk.org> (raw)
In-Reply-To: <20021016154459.GA982@TK150122.tuwien.teleweb.at>
On Wed, Oct 16, 2002 at 05:44:59PM +0200, Stefan Schwandter wrote:
>
> I saw capabilities and acl patches for ext2/3 enter -mm. Is it possible
> now to give an executable (that lives on an ext2/ext3 fs) the necessary
> rights to use SCHED_FIFO without being setuid root? Could someone give
> me some pointers for these topics (capabilities support in linux, acl)?
The patchs which I've been working on do not support capabilities;
just extended attributes.
Personally, I'm not so convinced that capabilities are such a great
idea. System administrators have a hard enough time keeping 12 bits
of permissions correct on executable files; with capabilities they
have to keep track of several hundred bits of capabilties flags, which
must be set precisely correctly, or the programs will either (a) fail
to function, or (b) have a gaping huge security hole.
This probablem could be solved with some really scary, complex user
tools (which no one has written yet). Alternatively you could just
let programs continue to be setuid root, but modify the executable to
explicitly drop all the capabilities except for the ones that are
actually needed as one of the first things that executable does. It
perhaps only gives you 90% of the benefits of the full-fledged
capabilities model, but it's much more fool proof, and much easier to
administer.
- Ted
next prev parent reply other threads:[~2002-10-17 3:21 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-16 15:44 Posix capabilities Stefan Schwandter
2002-10-16 16:22 ` Bosko Radivojevic
2002-10-17 3:26 ` Theodore Ts'o [this message]
2002-10-17 4:00 ` GrandMasterLee
2002-10-17 13:22 ` Horst von Brand
2002-10-18 6:38 ` GrandMasterLee
2002-10-17 10:37 ` Olaf Dietsche
2002-10-17 11:02 ` Andreas Gruenbacher
2002-10-17 12:12 ` Theodore Ts'o
2002-10-17 15:36 ` Olaf Dietsche
2002-10-17 17:17 ` Alex Riesen
2002-10-18 16:13 ` Rogier Wolff
2002-10-17 13:40 ` Henning P. Schmiedehausen
2002-10-17 12:05 ` Stefan Schwandter
2002-10-17 12:20 ` Theodore Ts'o
2002-10-20 14:16 ` Pavel Machek
2002-10-27 13:46 ` Andreas Gruenbacher
-- strict thread matches above, loose matches on Subject: below --
2002-10-17 20:43 Neil Schemenauer
2002-10-20 14:18 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021017032619.GA11954@think.thunk.org \
--to=tytso@mit.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.