Re: socket-based activation has unmaintainable security?

To: Andrey Rahmatullin <wrar@wrar.name>
Cc: debian-devel@lists.debian.org
Subject: Re: socket-based activation has unmaintainable security?
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Wed, 6 Feb 2013 15:20:09 -0600
Message-id: <[🔎] 20130206212009.GA18337@sergelap>
In-reply-to: <[🔎] 20130206183638.GG6490@belkar.wrar.name>
References: <20121114204711.GA9158@virgil.dodds.net> <[🔎] 5110DCEC.4010405@gmail.com> <[🔎] CAJusiZUjKP_nv96HNCmUFyNRUkyYW+1Y1JPtpCMC4hoTip3Yaw@mail.gmail.com> <[🔎] 20130206082757.GC24543@anguilla.debian.or.at> <[🔎] 51121C5A.6090203@debian.org> <[🔎] 51129451.3070206@debian.org> <[🔎] 20130206173750.GE6490@belkar.wrar.name> <[🔎] A2EC83DC-57B2-474B-B56B-5D0225A0CA3A@debian.org> <[🔎] 20130206183028.GB19018@sergelap> <[🔎] 20130206183638.GG6490@belkar.wrar.name>

Quoting Andrey Rahmatullin (wrar@wrar.name):
> On Wed, Feb 06, 2013 at 12:30:28PM -0600, Serge Hallyn wrote:
> > > > Do we finally have mechanisms to start processes without root but with
> > > > elevated capabilities?
> > > We also need fallback for non Capability-capable supported kernels
> > > (wow that's an awkward sentence)
> > Not to mention non-xattr-backed filesystems.
> xattrs is only one of possible mechanisms but as we don't have it either,
> its shortcomings are probably not worth mentioning.

For posix capabilities attached to files xattrs are currently the
only means.  That's what I assumed this was referring to.

-serge

Reply to:

Follow-Ups:
- Re: socket-based activation has unmaintainable security?
  - From: Andrey Rahmatullin <wrar@wrar.name>

References:
- socket-based activation has unmaintainable security?
  - From: Thomas Hood <jdthood@gmail.com>
- Re: socket-based activation has unmaintainable security?
  - From: Shawn <shawnlandden@gmail.com>
- Re: socket-based activation has unmaintainable security?
  - From: Martin Wuertele <maxx@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Chow Loong Jin <hyperair@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Thomas Goirand <zigo@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Andrey Rahmatullin <wrar@wrar.name>
- Re: socket-based activation has unmaintainable security?
  - From: Jonathan Dowland <jmtd@debian.org>
- Re: socket-based activation has unmaintainable security?
  - From: Serge Hallyn <serge.hallyn@canonical.com>
- Re: socket-based activation has unmaintainable security?
  - From: Andrey Rahmatullin <wrar@wrar.name>

Prev by Date: Bug#699922: ITP: pyobfsproxy -- pluggable transport proxy for Tor (Python implementation)
Next by Date: Re: socket-based activation has unmaintainable security?
Previous by thread: Re: socket-based activation has unmaintainable security?
Next by thread: Re: socket-based activation has unmaintainable security?
Index(es):
- Date
- Thread