Re: Filesystem Capabilities in 2.6?

Dax Kelson (dax@gurulabs.com)
02 Nov 2002 11:35:56 -0700

On Sat, 2002-11-02 at 00:06, Theodore Ts'o wrote:
> On Fri, Nov 01, 2002 at 11:32:43AM -0700, Dax Kelson wrote:
> >
> > On Fri, 2002-11-01 at 01:49, Rusty Russell wrote:
> > > I'm down to 8 undecided features: 6 removed and one I missed earlier.
> >
> > How about Olaf Dietsche's filesystem capabilities support? It has been
> > posted a couple times to LK, yesterday even.
>
> Ugh. Personally, as I've said, I'm not convinced filesystem
> capabilities is worth it, providing the illusion of security --- and
> probably will make most systems more insecure because most system
> administrators won't be able to deal with fs capabilties competently.

I see this as a "vendor, RPM maintainer, developer" thing. The
developer,vendor,RPM mainter should be able to determine exactly what
capabilities an otherwise SUID root app needs and ship it appropriately.

Most sysadmin can't 'deal with X', where X is:

- Setup routing properly
- Configure kerberos
- Compile a kernel
- Use setfactl
- ext2/3 attributes
- IPTables
- SGID directories
- Apply a patch

That doesn't mean we should remove the above because they can be used
incorrectly/inappropriately and possibly damage and/or insecure a
system.

Dax

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/