Re: Preparing Debian for using capabilities: file ownership.
>>>>> "Raul" == Raul Miller <moth@debian.org> writes:
Raul> Or, put another way, we're going to have to re-write a lot
Raul> of administrative docs to adapt to a capabilities-based
Raul> security setup. And then we'll have to do it again for
Raul> MAC.
;-)
or should that be
:-(
Raul> [Also: both have extra baggage, but MAC+capabilities looks
Raul> like something safer to switch over to than capabilities
Raul> without MAC.]
Where can I find out more about MAC? MAC is a completely new acronym
to me...
>> - what is the current status of capabilities in Linux? Last I heard,
>> it was so limited that it was next to useless. I hope this has/will
>> change.
Raul> They're implemented in 2.4, but they're not ready for prime
Raul> time. The set of capabilities may change, and ext2fs
Raul> doesn't let you do the capability analog to setuid (nor the
Raul> inverse -- where capabilities are suppressed).
Will it be possible to limit individual processes' access to individual
files? I have a good reason for wanting to do this, but so far, all I
can tell is that the list of capabilities is fixed/hard-coded in the
kernel and cannot be changed.
Raul> Not very practical.
Raul> kernel change time != package install time.
Raul> Basically, we'd be committing to do a complete sweep of the file
Raul> system every time the kernel booted. [Perhaps optimize this by
Raul> marking each partition with a stamp indicating what kernel
Raul> has swept the partition?]
My guess is that supporting both systems could get very messy, very
quickly.
However, I think supporting both systems might be essential, so that
people can get used to the completely different way in which things are
done, without being "forced" into the change.
I can't say much more than that right now until I get a chance to play
around with some of this stuff myself.
Perhaps enhancing suidregister to support capabilities might be a good
first step.
--
Brian May <bam@debian.org>