Open Source and information security mailing list archives
 
Message-ID: <20070827150941.GA31042@vino.hallyn.com>
Date:	Mon, 27 Aug 2007 10:09:42 -0500
From:	"Serge E. Hallyn" <serge@...lyn.com>
To:	Adrian Bunk <bunk@...nel.org>
Cc:	Andrew Morgan <morgan@...nel.org>,
	"Serge E. Hallyn" <serge@...lyn.com>, chrisw@...s-sol.org,
	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [2.6 patch] remove securebits

Quoting Adrian Bunk (bunk@...nel.org):
> On Fri, Aug 24, 2007 at 08:50:10PM -0700, Andrew Morgan wrote:
> > 
> > FWIW, in the mm kernel, I've actually already removed them when one
> > configures without capabilities.
> > 
> > http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc3/2.6.23-rc3-mm1/broken-out/v3-file-capabilities-alter-behavior-of-cap_setpcap.patch
> > 
> > Other than writing a custom module, so far as I can tell, there is/was
> > no way to set them anyway.
> > 
> > I'd obviously prefer to wait for the mm-merge process to complete and
> > minimize the churn in this area, but I basically agree that the bits as
> > implemented are pretty useless in their current form. In a per-process
> > mode (with filesystem capability support) they are much more useful...
> 
> It was in the tree for nine years (sic) without a single user...

That's because without file capabilities there was no way for a process
to retain capabilities across exec, so not having a privileged root user
was simply not workable.

> Are you only improving a dead horse, or do you also have a rider for the 
> improved dead horse?

It will allow process trees to run with strict capabilities, without a
root user which automatically gains full capabilities.  That wasn't
possible without file capabilities, since there was no way for processes
to retain capabilities across exec.  Now that we have file capabilities,
it is feasible, and it certainly is useful.

-serge
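
The argument in the reply above, worked through as a simplified model of how execve() recomputes a process's capabilities. This is an added example, not code from the thread or from the kernel: the struct, function and constant names are illustrative, the bounding set is passed in explicitly, and ambient capabilities (a later addition) are left out.

```c
/* Simplified model of the execve() capability rules (no ambient set). */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t capset;                   /* one bit per capability */
#define CAP_FULL      (~(capset)0)
#define CAP_NET_BIND  ((capset)1 << 10)    /* CAP_NET_BIND_SERVICE is cap 10 */
#define NOROOT        0x1u                 /* models securebit SECURE_NOROOT (bit 0) */

struct proc { unsigned ruid, euid, securebits; capset inh, perm, eff; };
struct file { capset inh, perm; int eff; };  /* all zero: no file capabilities */

static const struct file NO_FCAPS  = { 0, 0, 0 };
static const struct file BIND_FILE = { CAP_NET_BIND, 0, 1 };  /* constructed sample */

/* Credentials of process p after it executes file f, limited by bset. */
struct proc exec_caps(struct proc p, struct file f, capset bset)
{
    if (!(p.securebits & NOROOT)) {
        /* Root special case: uid 0 is treated as if the file granted all. */
        if (p.ruid == 0 || p.euid == 0) { f.inh = CAP_FULL; f.perm = CAP_FULL; }
        if (p.euid == 0) f.eff = 1;
    }
    p.perm = (p.inh & f.inh) | (f.perm & bset);
    p.eff  = f.eff ? p.perm : 0;
    return p;                  /* inheritable set and securebits carry over */
}

int main(void)
{
    struct proc user   = { 1000, 1000, 0,      CAP_NET_BIND, CAP_NET_BIND, CAP_NET_BIND };
    struct proc root   = { 0,    0,    0,      0, 0, 0 };
    struct proc strict = { 0,    0,    NOROOT, CAP_NET_BIND, CAP_NET_BIND, CAP_NET_BIND };

    printf("non-root, no file caps   : %#llx\n",
           (unsigned long long)exec_caps(user, NO_FCAPS, CAP_FULL).perm);
    printf("root, no file caps       : %#llx\n",
           (unsigned long long)exec_caps(root, NO_FCAPS, CAP_FULL).perm);
    printf("uid 0 + NOROOT, no fcaps : %#llx\n",
           (unsigned long long)exec_caps(strict, NO_FCAPS, CAP_FULL).perm);
    printf("uid 0 + NOROOT, file cap : %#llx\n",
           (unsigned long long)exec_caps(strict, BIND_FILE, CAP_FULL).perm);
    return 0;
}
```

The first and third lines print 0: with no file capabilities nothing survives exec unless the root special case applies, which is the case that prints the full set. The last line keeps only the one capability the file's inheritable set allows.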