| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Sep 2006 09:08:14 -0700 (PDT) From: Casey Schaufler <casey@...aufler-ca.com> To: linux-kernel@...r.kernel.org Subject: Re: patch to make Linux capabilities into something useful (v 0.3.1) There is lots of talk regarding the interaction between setuid and capabilities. While the current semanitics that lack file system support include (of necessity) interaction the intent of the POSIX scheme completely divorces the setuid mechanism from the capability scheme. The intention on a system that supports file system capabilities is that the setuid bit is a ignored in the capability calculation, allowing for a system on which root is just another user. The capability inheritance machanism is complicated, but that is in support of the ability to mark a program with a limited set of privilege so that setuid root need not be used. Does anyone need a pointer to the POSIX draft document? They include extensive if somewhat disjointed rationale sections. http://wt.tuxomania.net/publications/posix.1e/download.html Casey Schaufler casey@...aufler-ca.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists