[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Preparing Debian for using capabilities: file ownership.

> 
> Also, keep in mind that the set of capilities differs between 2.2 and
> 2.4 kernels if memory serves me correctly, and people are still looking
> at making sure the current set is an optimal one. (Fun assignment: see
> which capabilities can lead to root access. It turns out to be a
> surprisingly large set).
> 
> Wichert.
> 
VMS had a granular set of privileges, many of which could be leveraged to grant
all privileges, but they were still useful. The User Authorization Facility
summarized the privileges for an account as being equivalent to ALL if they
contained one of the ones which could be leveraged to obtain all privileges.

I used to regard the levels of privilege as being similar to the safety catch 
on
a gun. It does not provide you with much protection if someone takes control of
the gun away from you, but it will stop you shooting yourself in the foot.

John Lines
Reply to: