From: Adrian Bunk <bunk@kernel.org>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Andrew Morgan <morgan@kernel.org>,
chrisw@sous-sol.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [2.6 patch] remove securebits
Date: Mon, 27 Aug 2007 17:17:52 +0200 [thread overview]
Message-ID: <20070827151751.GD4121@stusta.de> (raw)
In-Reply-To: <20070827150941.GA31042@vino.hallyn.com>
On Mon, Aug 27, 2007 at 10:09:42AM -0500, Serge E. Hallyn wrote:
> Quoting Adrian Bunk (bunk@kernel.org):
> > On Fri, Aug 24, 2007 at 08:50:10PM -0700, Andrew Morgan wrote:
> > >
> > > FWIW, in the mm kernel, I've actually already removed them when one
> > > configures without capabilities.
> > >
> > > http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc3/2.6.23-rc3-mm1/broken-out/v3-file-capabilities-alter-behavior-of-cap_setpcap.patch
> > >
> > > Other than writing a custom module, so far as I can tell, there is/was
> > > no way to set them anyway.
> > >
> > > I'd obviously prefer to wait for the mm-merge process to complete and
> > > minimize the churn in this area, but I basically agree that the bits as
> > > implemented are pretty useless in their current form. In a per-process
> > > mode (with filesystem capability support) they are much more useful...
> >
> > It was in the tree for nine years (sic) without a single user...
>
> That's because without file capabilities there was no way for a process
> to retain capabilities across exec, so not having a privileged root user
> was simply not workable.
>
> > Are you only improving a dead horse, or do you also have a rider for the
> > improved dead horse?
>
> It will allow process trees to run with strict capabilities, without a
> root user which automatically gains full capabilities. That wasn't
> possible without file capabilities, since there was no way for processes
> to retain capabilities across exec. Now that we have file capabilities,
> it is feasible, and it certainly is useful.
I didn't question that the dead horse gets improved, but where's the
rider?
A user of the improved securebits has to be submitted for inclusion in
the kernel.
> -serge
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
next prev parent reply other threads:[~2007-08-27 15:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-24 21:06 [2.6 patch] remove securebits Adrian Bunk
2007-08-24 21:19 ` Serge E. Hallyn
2007-08-25 3:50 ` Andrew Morgan
2007-08-25 18:28 ` Adrian Bunk
2007-08-27 15:09 ` Serge E. Hallyn
2007-08-27 15:17 ` Adrian Bunk [this message]
2007-08-27 15:28 ` Serge E. Hallyn
2007-08-27 15:58 ` Adrian Bunk
2007-08-28 7:20 ` Andrew Morgan
2007-08-28 14:38 ` Serge E. Hallyn
2007-08-28 18:19 ` Serge E. Hallyn
2007-08-30 0:51 ` Andrew Morgan
2007-08-30 13:26 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070827151751.GD4121@stusta.de \
--to=bunk@kernel.org \
--cc=chrisw@sous-sol.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox