Re: Filesystem Capabilities in 2.6?

Alexander Viro (viro@math.psu.edu)
Sun, 3 Nov 2002 11:09:43 -0500 (EST)


On Sun, 3 Nov 2002, Olaf Dietsche wrote:

> > To do so in a more complicated model is harder,
> > not easier.
>
> Because it's harder for you to do a proper job, doesn't mean it is for
> everybody else.

Huh?

> > More features != better security. Quite often it's exact opposite.
> > Human do make errors, otherwise suid-root stuff wouldn't be a problem
> > to start with. And when security mechanism increases probability
> > of error it becomes a menace.
>
> Capabilities are not about adding features, they are about reducing.
> Face it, you just don't get it.

Face it, you either just can't read or are deliberately being obtuse.
New mechanism for raising capabilities doesn't have to be about adding
features, IT IS A NEW FEATURE ITSELF.

Now, fuck off. To .procmailrc you go...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/