[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <126313.89542.qm@web36605.mail.mud.yahoo.com>
Date: Mon, 12 May 2008 15:06:26 -0700 (PDT)
From: Casey Schaufler <casey@...aufler-ca.com>
To: Olaf Dietsche <olaf+list.linux-kernel@...fdietsche.de>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] 2.6.25: access permission filesystem 0.21
--- Olaf Dietsche <olaf+list.linux-kernel@...fdietsche.de> wrote:
> This patch adds a new permission managing file system.
> Furthermore, it adds two modules, which make use of this file system.
>
> One module allows granting capabilities based on user-/groupid.
Hmm. The primary purpose of the capability mechanism, according
to the POSIX P1003.1e/2c working group*, is to separate the
privilege mechanism from the userid mechanism. You are now
reintegrating them two mechanims, albiet differently than
they were integrated before. You can already achieve this end
using filesystem based capabilties and mode bits and/or ACLs,
so why the change?
> The
> second module allows to grant access to lower numbered ports based on
> user-/groupid, too.
Woof. As reasonable as mode bits on ports seems, there's an
awful lot of tradition associated with the privileged port
model. I can see the value in it, I've actually implemented
it in the past in the Unix world, but I have never seen anyone
willing to take advantage of the scheme.
-----
* As I'm the only member of that working group who ever pipes
up here, you'll have to take my word for it. (smiley)
Casey Schaufler
casey@...aufler-ca.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists