[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060909115954.GB4277@ucw.cz>
Date: Sat, 9 Sep 2006 11:59:54 +0000
From: Pavel Machek <pavel@....cz>
To: Casey Schaufler <casey@...aufler-ca.com>
Cc: David Madore <david.madore@....fr>,
Linux Kernel mailing-list <linux-kernel@...r.kernel.org>
Subject: Re: patch to make Linux capabilities into something useful (v 0.3.1)
Hi!
> > Well, I could imagine that a paranoid sysadmin might
> > want some users'
> > processes to run without this or that capability
> > (perhaps
> > CAP_REG_PTRACE or some other yet-to-be-defined
> > capability). This
> > doesn't mean that they shouldn't be able to run a
> > game which runs sgid
> > in order to write the score file.
>
> A likely scenario might be the 3rd party program
> that you really are sure about trusting. You
> give it a capability set that has nothing in it
> (hence runs without capability regardless of
> the capabilities of the parent). That's part
> of the rationale behind the POSIX scheme, that
> some programs you just don't want to ever run
> privileged, period. But POSIX only deals with
> going "above" base, which is why I like the
> notion of your "underprivileged" scheme as a
> seperate addition.
Well, in kernel above-priviledge and below-priviledge makes sense to
be handled by same code. You can always create interface you prefer in
glibc...
Pavel
--
Thanks for all the (sleeping) penguins.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists