
Re: Preparing Debian for using capabilities: file ownership.



> >  That's not true, capabilities can be handled with system calls. A daemon
> > may drop all capabilities except the one needed to bind to privileged ports.
> > But the daemon would still be run with UID 0, and be able to modify/access
> > any root owned file in the system.
> Granted. Applications should still be able to run on kernels without
> capabilities until woody+1 at least imho. I still get bug reports
> reasonably frequently from people using 2.0 kernels, and I expect people
> will continue to use them for quite some time.

 I don't think we should offer that compatibility for woody. But anyway, the
daemon will not be as safe, but it would run.

> >  Capabilities are the future of security in Linux. Capabilities are
> > supported in the kernel Debian is now shipping with potato. FS support will
> > surely be one of the first things added to 2.5.
> 
> I'm not so sure. Actually I'm sure it won't be one of the first things:
> capabilities will probably be done as part of a more general attributes
> change, and I don't remember seeing a solid and accepted proposal for
> that yet.

 Yes, you are right, I was probably too optimistic with that. But, perhaps,
the "general change" will be the modification of EXT2 to support "resource
forks", but the needed changes in the VFS are probably small, and perhaps,
one of those new filesystems will include capabilities before ext2 does...
But anyway, capabilities are useable without fs support.
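
An added example, not part of the original message or of any Debian package: a daemon that uses only system calls (no filesystem capability support) to keep CAP_NET_BIND_SERVICE, and that goes one step beyond the case discussed above by also leaving UID 0, so root-owned files are no longer writable. It assumes the present-day Linux `capset` interface (version 3 header); `only_cap`, `drop_to_bind_only` and the uid/gid 65534 are hypothetical names and values chosen for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Build a capability set holding exactly one capability (permitted and
 * effective); the inheritable set stays empty so children get nothing. */
void only_cap(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);
    d[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
}

/* Start as root, end as uid/gid holding only CAP_NET_BIND_SERVICE.
 * Returns 0 on success or a negative number naming the failed step. */
int drop_to_bind_only(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    only_cap(d, CAP_NET_BIND_SERVICE);
    /* Without KEEPCAPS, leaving UID 0 clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -2;
    if (setgid(gid) != 0) return -3;
    if (setuid(uid) != 0) return -4;
    /* setuid() cleared the effective set; re-raise the one we kept and
     * discard every other permitted capability in the same call. */
    if (syscall(SYS_capset, &hdr, d) != 0) return -5;
    if (setuid(0) == 0) return -6;   /* regaining root must fail */
    return 0;
}

int main(void)
{
    /* 65534 is an assumed "nobody" uid/gid; use the daemon's own account. */
    int rc = drop_to_bind_only(65534, 65534);
    if (rc != 0) { fprintf(stderr, "privilege drop failed at step %d\n", -rc); return 1; }
    printf("uid=%d, CAP_NET_BIND_SERVICE only\n", (int)getuid());
    return 0;
}
```

Run as root before the daemon opens its listening socket; started as a non-root user it stops at step 2, because `setgroups` is refused.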


