Re: request: capabilities that allow users to drop privileges further

[Christian Borntraeger]

Richard B. Johnson wrote:
> On Mon, 15 Dec 2003, Felix von Leitner wrote:
> > I would like to be able to drop capabilities that every normal user
[...]
> > security problems further.  For example, I want my non-cgi web server
[...]
> >   * fork
> >   * execve
> >   * ptrace
[...]
> So you expect kernel support?  Normally, real people write or
> modify applications to provide for specific exceptions to
> the standards. They don't expect an operating system to
> modify itself to unique situations. That's not what
> operating systems have generally done in the past.
[...]

I dont agree. Policy is userspace but enforcing the policy very often needs 
kernel support.

Having ACL in 2.6 is an example where operating system already adopted to 
special needs. Furthermore, the kernel is already able to drop special 
capabilites, like module loading.  Having a generalised capabilites model 
is a good idea and there are already some more or less usable security 
modules.

cheers

Christian

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/