
Re: Preparing Debian for using capabilities: file ownership.



Previously Nicolás Lichtmaier wrote:
> >  Capabilities are the future of security in Linux. Capabilities
> > are supported in the kernel Debian is now shipping with potato. FS
> > support will surely be one of the first things added to 2.5.

On Sat, Sep 23, 2000 at 12:09:51AM +0200, Wichert Akkerman wrote:
> I'm not so sure. Actually I'm sure it won't be one of the first
> things: capabilities will probably be done as part of a more general
> attributes change, and I don't remember seeing a solid and accepted
> proposal for that yet.

Also, before Debian tackles capabilities on a distribution-wide basis,
we are going to need some serious sysadmin experience with all
their subtleties.

Good security means that the system does what the person responsible
understands that the system is doing.  Capabilities add a lot of
potential complexity to the system, and until we have a good set
of concepts for dealing with that complexity, we have no business
palming the result off on our users.

Also, the right way to use capabilities requires FS support.

Thanks,

-- 
Raul


