lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 4 Feb 2008 02:54:50 +0200
From:	Ismail Dönmez <>
To:	"Andrew G. Morgan" <>
Cc:	Andrew Morton <>,
	Linux Security Modules List 
	<>,, "Serge E. Hallyn" <>
Subject: Re: [PATCH] per-process securebits

At Monday 04 February 2008 around 02:49:29 Andrew G. Morgan wrote:
> Another way to put this is that there needs to be some application code
> and documentation available to guide the way... Adding such things to
> the example programs in libcap2 helped me find the 24-rc2 CAP_SETPCAP
> bug and until I've gone through the task of testing all the bits
> together, I won't believe the kernel support is anything other than
> 'experimental'.
> Other folk are actively advocating and exploring this model. For
> example, Chris Friedhoff has a page here that describes some first
> steps for using filesystem capabilities:
> ~

I already know and enjoy File system base capabilities thanks to Chris' 
website and Serge's developerWorks article.

What I meant to ask was what does "per-process securebits" brings as extra. 
FWIW in Pardus 2008 we'll enable Posix file capabilities by default so people 
could "harden" their setups.


Never learn by your mistakes, if you do you may never dare to try again.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists