Re: Preparing Debian for using capabilities: file ownership.

To: Nicolás Lichtmaier <nick@debian.org>
Cc: debian-policy@lists.debian.org
Subject: Re: Preparing Debian for using capabilities: file ownership.
From: Wichert Akkerman <wichert@cistron.nl>
Date: Sat, 23 Sep 2000 00:09:51 +0200
Message-id: <[🔎] 20000923000951.B31552@cistron.nl>
Mail-followup-to: Wichert Akkerman <wichert@cistron.nl>, Nicolás Lichtmaier <nick@debian.org>, debian-policy@lists.debian.org
In-reply-to: <[🔎] 20000922184402.B4682@debian.org>; from nick@debian.org on Fri, Sep 22, 2000 at 06:44:02PM -0300
References: <[🔎] 20000920222406.B426@debian.org> <[🔎] 20000921135003.A15461@cistron.nl> <[🔎] 20000922184402.B4682@debian.org>

Previously Nicolás Lichtmaier wrote:
>  That's not true, capabilities can be handled with system calls. A daemon
> may drop all capabilities except the one needed to bind to privileged ports.
> But the daemon would still be ran with UID 0, and be able to modify/access
> any root owned file in the system.

Granted. Applications should still be able to run on kernels without
capabilities until woody+1 at least imho. I still get bugreports
reasonably frequently from people using 2.0 kernels, and I expect people
will continue to use them for quite some time.

>  Capabilities are the future of security in Linux. Capabilities are
> supported in the kernel Debian is now shipping with potato. FS support will
> surely be one of the first things added to 2.5.

I'm not so sure. Actually I'm sure it won't be one of the first things:
capabilities will probably be done as part of a more general attributes
change, and I don't remember seeing a solid and accepted proposal for
that yet.

Wichert.

-- 
   ________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert@liacs.nl                    http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to:

Follow-Ups:
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Raul Miller <moth@debian.org>

References:
- Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Wichert Akkerman <wichert@cistron.nl>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>

Prev by Date: Re: Preparing Debian for using capabilities: file ownership.
Next by Date: Re: Preparing Debian for using capabilities: file ownership.
Previous by thread: Re: Preparing Debian for using capabilities: file ownership.
Next by thread: Re: Preparing Debian for using capabilities: file ownership.
Index(es):
- Date
- Thread