| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 02 Dec 2007 10:28:37 +0900 From: KaiGai Kohei <kaigai@...gai.gr.jp> To: serge@...lyn.com CC: "Serge E. Hallyn" <serue@...ibm.com>, lkml <linux-kernel@...r.kernel.org>, linux-security-module@...r.kernel.org, Andrew Morgan <morgan@...nel.org>, Chris Wright <chrisw@...s-sol.org>, Stephen Smalley <sds@...ch.ncsc.mil>, James Morris <jmorris@...ei.org>, Andrew Morton <akpm@...l.org> Subject: Re: [PATCH] capabilities: introduce per-process capability bounding set (v10) Serge, > Is there any reason not to have a separate /etc/login.capbounds > config file, though, so the account can still have a full name? > Did you only use that for convenience of proof of concept, or > is there another reason? passwd(5) says the fifth field is optional and only used for informational purpose (like ulimit, umask). However, using any other separate config file is conservative and better. One candidate is "/etc/security/capability.conf" defined as the config file of pam_cap. Thanks, -- KaiGai Kohei <kaigai@...gai.gr.jp> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists