
Re: Preparing Debian for using capabilities: file ownership.



> >  It seems that in order to take full advantage of capabilities, files should
> > not be owned by root. Files should be owned by a non-login user (e.g. bin).
> 
> I don't believe that is true at all. Can you explain why you think that
> would be advantageous?
> 
> >  That's because root will be just another user, with its set of
> > capabilities, and you may like to prevent him from altering system files.
> Crap, you just moved that problem to another account and gained nothing.
> >  As this is a major change, we'd better start now. This will also help
> > people who want to implement a capabilities setup before we do...
> 
> We can't implement capabilities now anyway, since we don't have a kernel
> with a filesystem that supports them.

 That's not true, capabilities can be handled with system calls. A daemon
may drop all capabilities except the one needed to bind to privileged ports.
But the daemon would still be run with UID 0, and be able to modify/access
any root owned file in the system.

 Capabilities are the future of security in Linux. Capabilities are
supported in the kernel Debian is now shipping with potato. FS support will
surely be one of the first things added to 2.5.
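The point made above, that a UID 0 daemon which has dropped everything but the port-binding capability still owns every root-owned file, can be demonstrated with the raw capset(2) syscall. The program below is an added example, not code from this thread or from Debian. It drops all capabilities except CAP_NET_BIND_SERVICE (including CAP_DAC_OVERRIDE), then tries three things: binding TCP port 80, opening a root-owned mode 0600 file, and opening a mode 0600 file owned by UID 65534. The two temporary files are constructed fixtures; the UID 65534 (nobody) and the use of /tmp are assumptions. Only the set-construction helpers are meaningful without root; the probe in main() must run as root.

```c
/* Added example (not from the Debian list thread): drop every capability
 * except CAP_NET_BIND_SERVICE with the raw capset(2) syscall, then show that
 * a UID 0 process can still open a root-owned mode 0600 file, because the
 * owner-match DAC check keys on the UID, not on CAP_DAC_OVERRIDE. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <linux/capability.h>

typedef struct __user_cap_header_struct cap_hdr_t;
typedef struct __user_cap_data_struct   cap_data_t;

/* Fill a two-word (64-bit) capability set holding only `cap` in the
 * effective and permitted fields; inheritable stays empty so nothing is
 * handed to children.  Returns 1 for a valid cap number, 0 otherwise. */
int keep_only(int cap, cap_data_t out[2])
{
    memset(out, 0, 2 * sizeof(cap_data_t));
    if (cap < 0 || cap >= 64) return 0;
    __u32 bit = 1u << (cap % 32);
    out[cap / 32].effective = out[cap / 32].permitted = bit;
    return 1;
}

/* Is `cap` present in the effective field of a two-word set? */
int cap_effective(const cap_data_t data[2], int cap)
{
    if (cap < 0 || cap >= 64) return 0;
    return (data[cap / 32].effective >> (cap % 32)) & 1u;
}

/* Does keeping only `keep` leave `probe` effective?  Pure, testable. */
int keep_only_has(int keep, int probe)
{
    cap_data_t d[2];
    return keep_only(keep, d) && cap_effective(d, probe);
}

/* Reduce the calling thread to `cap` alone (intersected with what it already
 * holds, so the call is also legal for an unprivileged caller).
 * Returns 0 on success or -errno. */
int drop_all_but(int cap)
{
    cap_hdr_t hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    cap_data_t cur[2], want[2];
    if (syscall(SYS_capget, &hdr, cur) != 0) return -errno;
    keep_only(cap, want);
    for (int i = 0; i < 2; i++) {
        want[i].permitted &= cur[i].permitted;
        want[i].effective &= want[i].permitted;
    }
    return syscall(SYS_capset, &hdr, want) == 0 ? 0 : -errno;
}

/* open(2) read/write; 0 on success, -errno otherwise. */
static int try_open_rw(const char *path)
{
    int fd = open(path, O_RDWR);
    if (fd < 0) return -errno;
    close(fd);
    return 0;
}

/* bind(2) TCP port 80 on loopback; 0 on success, -errno otherwise
 * (EADDRINUSE if something already listens there). */
static int try_bind_80(void)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -errno;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(80),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int rc = bind(s, (struct sockaddr *)&sa, sizeof sa) ? -errno : 0;
    close(s);
    return rc;
}

int main(void)
{
    /* Constructed fixtures: one 0600 file owned by root, one 0600 file owned
     * by UID 65534 (assumed to be "nobody").  fchown needs CAP_CHOWN, so it
     * runs before the drop. */
    if (geteuid() != 0) { fputs("run as root to see the point\n", stderr); return 1; }
    char rootf[] = "/tmp/rootown.XXXXXX", otherf[] = "/tmp/otherown.XXXXXX";
    int fa = mkstemp(rootf), fb = mkstemp(otherf);   /* mkstemp creates 0600 */
    if (fa < 0 || fb < 0) { perror("mkstemp"); return 1; }
    if (fchown(fb, 65534, 65534) != 0) { perror("fchown"); return 1; }
    close(fa); close(fb);

    int rc = drop_all_but(CAP_NET_BIND_SERVICE);
    printf("drop_all_but(CAP_NET_BIND_SERVICE): %s\n", rc ? strerror(-rc) : "ok");
    rc = try_bind_80();
    printf("bind :80             -> %s\n", rc ? strerror(-rc) : "ok (cap kept)");
    rc = try_open_rw(rootf);
    printf("open root 0600 file  -> %s\n", rc ? strerror(-rc) : "ok (uid 0 is the owner)");
    rc = try_open_rw(otherf);
    printf("open 65534 0600 file -> %s\n", rc ? strerror(-rc) : "ok");
    unlink(rootf); unlink(otherf);
    return 0;
}
```

Run as root, the bind succeeds, the root-owned file opens, and the file owned by UID 65534 fails with EACCES: with CAP_DAC_OVERRIDE gone the process is subject to ordinary permission bits, but the owner bits of every root-owned file still match UID 0. That is exactly the gap the ownership proposal in the quoted message is aimed at; dropping capabilities alone does not close it.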


