[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrXOk74kcfqHBwuAZEY3rpZJFc65e0zZszu-34Qk+ui1dA@mail.gmail.com>
Date: Fri, 7 Dec 2012 17:27:25 -0800
From: Andy Lutomirski <luto@...capital.net>
To: Rob Landley <rob@...dley.net>
Cc: Serge Hallyn <serge.hallyn@...onical.com>,
James Morris <james.l.morris@...cle.com>,
linux-security-module@...r.kernel.org,
Casey Schaufler <casey@...aufler-ca.com>,
linux-kernel@...r.kernel.org, Eric Paris <eparis@...hat.com>,
"Andrew G. Morgan" <morgan@...nel.org>, mtk.manpages@...il.com
Subject: Re: [PATCH] Document how capability bits work
On Fri, Dec 7, 2012 at 5:10 PM, Rob Landley <rob@...dley.net> wrote:
> On 12/07/2012 01:32:18 PM, Andy Lutomirski wrote:
>>
>> On Fri, Dec 7, 2012 at 11:21 AM, Serge Hallyn
>> <serge.hallyn@...onical.com> wrote:
>> > Quoting Andy Lutomirski (luto@...capital.net):
>> >> Signed-off-by: Andy Lutomirski <luto@...capital.net>
>> >> ---
>> >> Documentation/security/capabilities.txt | 161
>> >> ++++++++++++++++++++++++++++++++
>> >> 1 file changed, 161 insertions(+)
>> >> create mode 100644 Documentation/security/capabilities.txt
>> >
>> > TBH, I think a pointer to the capabilities.7 man page would be better.
>> > (plus, if you feel they are needed, updates to the man page)
>>
>> Updating capabilities.7 wouldn't be a bad idea, but IMO it certainly
>> needs work. For example, it says:
>
> ...
>
>> I would be happy to revise this patch to reference capabilities.7.
>
>
> The capabilities.7 man page is existing maintained documentation on how to
> use this from userspace, which seems to be the point of your document.
> Having include/linux/uapi/capability.h mention its existence might be good.
> Feeding fixes to the documentation we've already got would be good.
>
> I read your document having largely ignored capabilities for years, and
> don't feel I have a better understanding of them after reading it. (I'm
> aware they exist, I'm aware they're used as a justification for extended
> attributes, I'm aware people think breaking a fireplace into a bunch of
> candleflames increases fire safety. I'm aware of
> http://forums.grsecurity.net/viewtopic.php?f=7&t=2522 and I _used_ to be
> aware of
> http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html but
> kernel.org never bothered putting most of itself back together after the
> breakin last year and archive.org doesn't have a copy. I'm aware that a
> decade ago at Atlanta Linux Showcase in california Ted Tso was sad nobody
> was using them yet. But I haven't hugely been tracking changes over the last
> 5 years in how they work. It looks like figuring out who has what involves
> working through exercises in set theory that cannot be explained using a 127
> bit ascii set. Personally, I prefer "more dangerous" security setups that
> don't require I pull out scratch paper to reason about the state of the
> system, so perhaps I'm biased here.)
Heh. I agree this stuff is shockingly complicated. (And this
document isn't wriiten in ASCII...)
I actually wrote this file because I was reading the code and trying
to figure out wtf was going on. This is the result :) I'll see if I
can improve capabilities.7.
Any pointers to things you wanted to understand?
--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists