Re: ext3 to include capabilities?

David Lang (dlang@diginsite.com)
Mon, 12 Apr 1999 11:18:47 -0700 (PDT)

For the issue of what would happen with an old kernel there are two
possibilities that have been posted.

1. Using the suid bit, everything would work, but you would have
potentially large security holes (think of lilo being set for just the
capabilities it needs; now when run on an older kernel it is suid root and
anyone can run it, not just root).

2. Using one of the many other methods mentioned, things would break,
potentially in ways that prevent you from even being able to shut down the
system (think of shutdown and reboot with capabilities set; you could not
run them).

Option 1 requires care in the transition to avoid security holes; option 2
requires a "flag day" type of change. This was hard enough to do to go to
ELF binaries when everyone agreed they were significantly better (and even
then there was a transition period). I don't see capabilities being such a
huge advantage that everyone is willing to sacrifice backwards
compatibility to get them. Yes, the people most interested in security
will, but that is not everyone, and unless you are willing to wait years to
get everyone to agree we need to find a way that avoids breaking
everything.

David Lang

"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
-Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)