Casey Schaufler writes:
> Capability granularity is a touchy issue. What you're proposing is
> having seperate capabilities for READ and WRITE access to a set
...
> Be wary of adding capabilities. One vendor decided to use seperate
> capabilities for each possible thing and ended up with 330!
That system, with 330 capabilities, was more correctly designed.
Our system is broken. We have no safe way to "split" a capability,
so we are stuck with the existing granularity.
Linux capabilities are kernel-only too, while a great deal of
security is handled in daemons and set-uid programs.
We might as well just rip out all this complexity, since it isn't
doing enough to eliminate special UID values. For example, there
isn't a "connect to X server" or "edit /etc/passwd" capability.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Feb 07 2000 - 21:00:05 EST