From: Adrian Bunk <bunk@kernel.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Andrew Morgan <morgan@kernel.org>,
chrisw@sous-sol.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [2.6 patch] remove securebits
Date: Mon, 27 Aug 2007 17:17:52 +0200 [thread overview]
Message-ID: <20070827151751.GD4121@stusta.de> (raw)
In-Reply-To: <20070827150941.GA31042@vino.hallyn.com>
On Mon, Aug 27, 2007 at 10:09:42AM -0500, Serge E. Hallyn wrote:
> Quoting Adrian Bunk (bunk@kernel.org):
> > On Fri, Aug 24, 2007 at 08:50:10PM -0700, Andrew Morgan wrote:
> > >
> > > FWIW, in the mm kernel, I've actually already removed them when one
> > > configures without capabilities.
> > >
> > > http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc3/2.6.23-rc3-mm1/broken-out/v3-file-capabilities-alter-behavior-of-cap_setpcap.patch
> > >
> > > Other than writing a custom module, so far as I can tell, there is/was
> > > no way to set them anyway.
> > >
> > > I'd obviously prefer to wait for the mm-merge process to complete and
> > > minimize the churn in this area, but I basically agree that the bits as
> > > implemented are pretty useless in their current form. In a per-process
> > > mode (with filesystem capability support) they are much more useful...
> >
> > It was in the tree for nine years (sic) without a single user...
>
> That's because without file capabilities there was no way for a process
> to retain capabilities across exec, so not having a privileged root user
> was simply not workable.
>
> > Are you only improving a dead horse, or do you also have a rider for the
> > improved dead horse?
>
> It will allow process trees to run with strict capabilities, without a
> root user which automatically gains full capabilities. That wasn't
> possible without file capabilities, since there was no way for processes
> to retain capabilities across exec. Now that we have file capabilities,
> it is feasible, and it certainly is useful.
I didn't question that the dead horse gets improved, but where's the
rider?
A user of the improved securebits has to be submitted for inclusion in
the kernel.
> -serge
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
next prev parent reply other threads:[~2007-08-27 15:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-24 21:06 [2.6 patch] remove securebits Adrian Bunk
2007-08-24 21:19 ` Serge E. Hallyn
2007-08-25 3:50 ` Andrew Morgan
2007-08-25 18:28 ` Adrian Bunk
2007-08-27 15:09 ` Serge E. Hallyn
2007-08-27 15:17 ` Adrian Bunk [this message]
2007-08-27 15:28 ` Serge E. Hallyn
2007-08-27 15:58 ` Adrian Bunk
2007-08-28 7:20 ` Andrew Morgan
2007-08-28 14:38 ` Serge E. Hallyn
2007-08-28 18:19 ` Serge E. Hallyn
2007-08-30 0:51 ` Andrew Morgan
2007-08-30 13:26 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070827151751.GD4121@stusta.de \
--to=bunk@kernel.org \
--cc=chrisw@sous-sol.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.