Re: [RFC] [PATCH] file posix capabilities

From: Casey Schaufler
Date: Sat Aug 19 2006 - 13:06:07 EST

Next message: Adrian Bunk: "[2.6 patch] arch/parisc/Makefile: remove GCC_VERSION"
Previous message: Ray Lee: "Re: [RFC][PATCH 2/9] deadlock prevention core"
In reply to: Crispin Cowan: "Re: [RFC] [PATCH] file posix capabilities"
Next in thread: Serge E. Hallyn: "Re: [RFC] [PATCH] file posix capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- Crispin Cowan <crispin@xxxxxxxxxx> wrote:

> > At least some of the Linux capabilities lend
> themselves to easy
> > privilege escalation to gaining other capabilities
> or effectively
> > bypassing them.
> >
> Certainly; cap_sys_admin effectively gives you
> ownership of the machine.
> But that is fundamental to the POSIX Capabilities
> model, and not
> something that Serge can change.

In turn it is fundamental to the curious
granularity of privileged operations in Unix.

I maintain that the real value in the POSIX
capability model derives from seperating the
permission to violate policy from the UID.

Granularity of such privilege is a bonus, and
a matter of considerable debate. DGUX ended
up with over 330 distinct capabilities, while
Irix had (last I looked) 24, and Solaris
came in somewhere between. All these systems
work.

Casey Schaufler
casey@xxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "[2.6 patch] arch/parisc/Makefile: remove GCC_VERSION"
Previous message: Ray Lee: "Re: [RFC][PATCH 2/9] deadlock prevention core"
In reply to: Crispin Cowan: "Re: [RFC] [PATCH] file posix capabilities"
Next in thread: Serge E. Hallyn: "Re: [RFC] [PATCH] file posix capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]