
Re: Preparing Debian for using capabilities: file ownership.



On Tue, Sep 26, 2000 at 10:07:28PM -0400, Raul Miller wrote:
:Warning: I'm not an expert.

Nor I..

Additional Warning: This has turned into somewhat of a rant...

However, after further reading I stand by my previous assertion that
slapping capabilities on top of a Un*x-like system is asking for
trouble.

Are we really going to get anything valuable out of this?  Will portmap
be able to assign reserved ports without any other privileges?  Will
MTAs be restricted to just running the mail queue and *appending* to
mail spool files?

Will this mean that every file and/or directory will need to be picked
over by the kernel (or some user-space daemon) if the machine is not
shut down properly (or worse, even if it is), or will some checkpointing
system be used to save this state (and suck up disk resources)?

More to the point, is this even an issue for a distribution to take up?
Wouldn't these changes happen upstream (I know that some people here
are also there, but...)?

The granularity afforded by capabilities is, IMHO, required to have a
reasonably secure operating system in an open environment.  But
putting capabilities on top of the blocky UN*X ACL system (especially
if they can only *elevate* privilege) is likely to cause more problems
than it solves, both in new and more interesting security holes and in
overwhelming complexity for administrators (which will in turn cause
more security flaws of omission).

If you want a capability system, find one you like and work on
developing that: one that doesn't have root and does have the
granularity to really restrict users/processes/files/whatever to do
only what they are intended to do.  I don't see this as an attainable
goal in a hybrid system.

The End is Nigh :)
-Jon
