Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks

From: Casey Schaufler
Date: Tue Apr 18 2006 - 19:00:34 EST

Next message: Valdis . Kletnieks: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Previous message: Patrick Mochel: "Re: [patch 1/3] acpi: dock driver"
In reply to: Serge E. Hallyn: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Bernhard R. Link: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- "Serge E. Hallyn" <serue@xxxxxxxxxx> wrote:

> The posix caps sendmail fiasco is one example.

Sendmail with POSIX Capabilities works great
on Irix, which is the system it was developed
for. Irix, unlike Linux, supports (but, in
keeping with IEEE rules does not claim to
conform to) the POSIX Capabilities exec(2)
symantics. The sendmail work was done in
anticipation of Linux supporting Posix
Capabilities. Alas, the xattr work on Linux
was not done before the Company The Built Irix
ran out of money to spend on security* and
the push to get capabilities working right
never materialized. Sorry.

----
* I'm not bitter. Oh no, it goes way beyond bitter.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis . Kletnieks: "Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)"
Previous message: Patrick Mochel: "Re: [patch 1/3] acpi: dock driver"
In reply to: Serge E. Hallyn: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Next in thread: Bernhard R. Link: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]