Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities

[David Madore <david.madore@ens.fr>]

On Sun, Sep 10, 2006 at 05:23:13PM +0100, Alan Cox wrote:
> CAP_REG_EXEC seems meaningless, I can do the same with mmap by hand for
> most types of binary execution except setuid (which is separate it
> seems)

Actually I meant those caps to be more of a proof of concept than as a
really useful set, so I have nothing against CAP_REG_EXEC being
deleted.  However, it still performs one (small) function even in the
absence of suid/sgid executables: you can execute files with omde --x
which you can't do with mmap().  (Also, I'm not 100% sure the kernel
doesn't do some magic things on exec(), perhaps some magic forms of
accounting or whatever, which you couldn't do with mmap().)

> Given the capability model is accepted as inferior to things like
> SELinux policies why do we actually want to fix this anyway. It's
> unfortunate we can't discard the existing capabilities model (which has
> flaws) as well really.

Can a non-root user create limited-rights processes without assistance
from the sysadmin, under SElinux?  I was under the impression that it
wasn't the case.  Also, SElinux is immensely more difficult to
understand and operate with than a mere set of capabilities: and I
think that simplicity is (sometimes) of value.

-- 
     David A. Madore
    (david.madore@ens.fr,
     http://www.madore.org/~david/ )