Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil> said:
[...]
> Yes, they will be used. But the intent is to be used by system/security
> administrators and not by the everyday user. If there are 32765 (or 255
> for that matter) privileged programs, then I would be willing to guarantee
> that the security on that system is nonexistant. The ability to audit
> the security activities of programs is a must. I have enough trouble with
> just the 55 I have. If I find any others on the system, they get removed.
You are counting wrong. You use an editor to fix configuration files, you
run ifconfig(8) as root to set up networking, etc. They aren't privileged,
the user running them is. Once you take that away, the number of programs
that will need (to be able to get) special privileges will be much larger.
In /sbin:/usr/sbin (very likely candidates) I count 277 here, in /bin
(more, somehwat less likely candidates) I've got 88, and then there will
undoubtedly be others in /usr, /usr/X11/bin, ...
> Capabilities themselves are not safe. They are used to make a system safe.
> The process of making the system safe requires validation of the programs
> being given extra privileges. Otherwise, you have no assurance that security
> policies are being enforced.
Right. But it is easier to check that the program being audited doesn't
abuse its few extra powers than to check it can't do anything nasty because
no holds are barred being SUID root.
-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:22 EST