Re: Posix capabilities

From: Theodore Ts'o (
Date: Wed Oct 16 2002 - 22:26:20 EST

On Wed, Oct 16, 2002 at 05:44:59PM +0200, Stefan Schwandter wrote:
> I saw capabilities and acl patches for ext2/3 enter -mm. Is it possible
> now to give an executable (that lives on an ext2/ext3 fs) the necessary
> rights to use SCHED_FIFO without being setuid root? Could someone give
> me some pointers for these topics (capabilities support in linux, acl)?

The patchs which I've been working on do not support capabilities;
just extended attributes.

Personally, I'm not so convinced that capabilities are such a great
idea. System administrators have a hard enough time keeping 12 bits
of permissions correct on executable files; with capabilities they
have to keep track of several hundred bits of capabilties flags, which
must be set precisely correctly, or the programs will either (a) fail
to function, or (b) have a gaping huge security hole.

This probablem could be solved with some really scary, complex user
tools (which no one has written yet). Alternatively you could just
let programs continue to be setuid root, but modify the executable to
explicitly drop all the capabilities except for the ones that are
actually needed as one of the first things that executable does. It
perhaps only gives you 90% of the benefits of the full-fledged
capabilities model, but it's much more fool proof, and much easier to

                                                - Ted
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:31 EST