From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christoph Lameter Subject: Re: [RFC] capabilities: Ambient capabilities Date: Mon, 30 Mar 2015 10:05:58 -0500 (CDT) Message-ID: References: <933931146caf5dac58379f50c017bff9f6c47661.1426183417.git.luto@kernel.org> Content-Type: TEXT/PLAIN; charset=US-ASCII Return-path: In-Reply-To: Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Andy Lutomirski Cc: Jarkko Sakkinen , Andrew Lutomirski , Ted Ts'o , Andrew Morton , "Andrew G. Morgan" , Linux API , Mimi Zohar , Michael Kerrisk , Austin S Hemmelgarn , linux-security-module , Aaron Jones , Serge Hallyn , LKML , Markku Savela , Kees Cook , Jonathan Corbet List-Id: linux-api@vger.kernel.org On Mon, 30 Mar 2015, Andy Lutomirski wrote: > > Would this suffice? It puts the CAP_SETPCAP limitation back to how it > > was in my earlier patch. > I really don't like that variant. CAP_SETPCAP is dangerous and so > absurdly powerful that people really shouldn't hand it out. According to man 7 capabilities CAP_SETPCAP is required to setup securebits. This hides the functionality behind yet another stage of security and obscures this ability somewhat more?