| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Sep 2006 11:59:54 +0000 From: Pavel Machek <pavel@....cz> To: Casey Schaufler <casey@...aufler-ca.com> Cc: David Madore <david.madore@....fr>, Linux Kernel mailing-list <linux-kernel@...r.kernel.org> Subject: Re: patch to make Linux capabilities into something useful (v 0.3.1) Hi! > > Well, I could imagine that a paranoid sysadmin might > > want some users' > > processes to run without this or that capability > > (perhaps > > CAP_REG_PTRACE or some other yet-to-be-defined > > capability). This > > doesn't mean that they shouldn't be able to run a > > game which runs sgid > > in order to write the score file. > > A likely scenario might be the 3rd party program > that you really are sure about trusting. You > give it a capability set that has nothing in it > (hence runs without capability regardless of > the capabilities of the parent). That's part > of the rationale behind the POSIX scheme, that > some programs you just don't want to ever run > privileged, period. But POSIX only deals with > going "above" base, which is why I like the > notion of your "underprivileged" scheme as a > seperate addition. Well, in kernel above-priviledge and below-priviledge makes sense to be handled by same code. You can always create interface you prefer in glibc... Pavel -- Thanks for all the (sleeping) penguins. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists