Re: socket-based activation has unmaintainable security?

To: Jonathan Dowland <jmtd@debian.org>
Cc: "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: socket-based activation has unmaintainable security?
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Wed, 6 Feb 2013 12:30:28 -0600
Message-id: <[🔎] 20130206183028.GB19018@sergelap>
In-reply-to: <[🔎] A2EC83DC-57B2-474B-B56B-5D0225A0CA3A@debian.org>
References: <20121114204711.GA9158@virgil.dodds.net> <[🔎] 5110DCEC.4010405@gmail.com> <[🔎] CAJusiZUjKP_nv96HNCmUFyNRUkyYW+1Y1JPtpCMC4hoTip3Yaw@mail.gmail.com> <[🔎] 20130206082757.GC24543@anguilla.debian.or.at> <[🔎] 51121C5A.6090203@debian.org> <[🔎] 51129451.3070206@debian.org> <[🔎] 20130206173750.GE6490@belkar.wrar.name> <[🔎] A2EC83DC-57B2-474B-B56B-5D0225A0CA3A@debian.org>

Quoting Jonathan Dowland (jmtd@debian.org):
> On 6 Feb 2013, at 17:37, Andrey Rahmatullin <wrar@wrar.name> wrote:
> 
> > Do we finally have mechanisms to start processes without root but with
> > elevated capabilities?
> 
> We also need fallback for non Capability-capable supported kernels
> (wow that's an awkward sentence)

Not to mention non-xattr-backed filesystems.

Every time I've been in a discussion like this, that ends up being
the reason not to pursue it.

-serge

Reply to:

Follow-Ups:
- Re: socket-based activation has unmaintainable security?
  - From: Andrey Rahmatullin <wrar@wrar.name>

References:
- socket-based activation has unmaintainable security?
  - From: Thomas Hood <jdthood@gmail.com>
- Re: socket-based activation has unmaintainable security?
  - From: Shawn <shawnlandden@gmail.com>
- Re: socket-based activation has unmaintainable security?
  - From: Martin Wuertele <maxx@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Chow Loong Jin <hyperair@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Thomas Goirand <zigo@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Andrey Rahmatullin <wrar@wrar.name>
- Re: socket-based activation has unmaintainable security?
  - From: Jonathan Dowland <jmtd@debian.org>

Prev by Date: Re: socket-based activation has unmaintainable security?
Next by Date: Re: socket-based activation has unmaintainable security?
Previous by thread: Re: socket-based activation has unmaintainable security?
Next by thread: Re: socket-based activation has unmaintainable security?
Index(es):
- Date
- Thread