[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87tzc7fht9.fsf@burp.tkv.asdf.org>
Date: Tue, 23 Sep 2008 10:21:54 +0300
From: Markku Savela <msa@...h.iki.fi>
To: linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] file capabilities: add no_file_caps switch (v2)
Andreas Gruenbacher <agruen@...e.de> writes:
> Sure, that would work as well, except that I think that file
> capabilities should always default to "on" as they will become a
> standard security mechanism before long. We just don't have much
> system management tool support yet, and I would like to give that
> some more time safely, without putting users at unnecessary risk.
As I've said elsewhere, I consider above a bad move. The "file
capabilities" are just setgid/setuid executables in disguise (although
with little finer control).
I would prefer two choices for capabilities:
1) file capabilities, for those who think they work
2) no file capabilities, but just normal inheritance. There should be
nothing mystical about this. The credential (uid, groups) inherit
just fine without problems. Why not capabilities?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists