Re: [patch 2.1.97] more capabilities support

Alexander Kjeldaas (astor@guardian.no)
Fri, 24 Apr 1998 16:24:55 +0200


On Thu, Apr 23, 1998 at 08:51:31PM +0200, Andrej Presern wrote:
>
> Besides, I really don't see a good reason why a clearly superior design
> should not be implemented, especially considering the fact that both ACL
> and capability list designs can be implemented on top of it, ensuring
> compatibility with existing standards and old programs. Pure capability
> based systems have been running commercial and military security aware
> applications for over 20 years and have even been implemented on off-the-
> shelf technology (such as IA32) a number of times.
>
> Don't get me wrong. I'm not trying to stop POSIX capability lists from
> getting into the kernel. POSIX capabilities are a big improvement
> compared to the current situation. I would just like to point out
> security designs that are far superior to POSIX capability lists.
> POSIX capability lists have only one purpose in the system: security.
> While pure capabilities serve this purpose much better than POSIX
> capability lists, they also provide extra bonuses, such as increased
> performance, decreased complexity, better scalability, increased
> flexibility and more robustness. To me implementing pure capabilities
> seems like a win-win situation.
>

As I said, I don't have anything against pure capabilities. However, I
don't see pure capabilities being implemented in Linux this year and
not next year either. That makes me conclude that the discussion on
"pure vs POSIX" capabilities is a non-issue. One of them has been
implemented and will improve security, the other one is at most at the
design stage.

The pragmatic in me tells me that the software that will actually
_use_ the POSIX capability interface will be quite low. So if you, in
3 years time, come up with an implementation of pure capabilities in
Linux it will not be a huge task to change a few programs to use a new
interface. It won't even be difficult to support the old interface.

_That_ is a win-win situation.

astor

-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/
