
Re: Audio Apps Mini-Policy, v0.1



On Tue, Oct 28, 2003 at 12:31:14PM -0500, Matt Zimmerman wrote:
[...] 
> I'm actually starting to wonder whether we should have a general facility
> for these sorts of things.  Having apps be setuid root and expecting them to
> behave responsibly is asking for trouble; it would make much more sense
> to grant them only the capability that they need.  I don't know whether
> there is a filesystem extension to grant capabilities to binaries,


There is libcap2 which requires a kernel-patch.
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/

> but we probably couldn't rely on it anyway. 

ack.

Perhaps execcap(8) can be used as a base for the "general facility"?
               cu andreas


