> However, the capabilties-per-GID model seems (IMHO) to have a
> lot going for it. If GIDs have default capability sets (and assuming
> a GID for each major service a la ``http'',``man'',``ftp'',etc) then
> you:
This is an interesting idea, and could do a lot toward addressing the human
factors problems that Ted has been raising.
Just for the sake of discussion, I would like to toss out this idea one
more time. VMS handled the association of privileges (i.e. "capabilities")
via a central database. For any executable to run with privilege, it had
to be "installed" as a "known image," with the privileges spelled out.
Executables so installed were protected from modification thereafter.
This approach eliminates the problem of finding the programs with
capabilities - they are all listed in one place. There are no issues with
privileged programs on remotely mounted filesystems. It works with all
filesystem types, and should not require changes to any of them.
Implementation should be relatively simple.
Worth considering, I think...
jon
Jonathan Corbet, Eklektix, Inc.
corbet@eklektix.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:12 EST