Re: Preparing Debian for using capabilities: file ownership.

To: debian-policy@lists.debian.org
Subject: Re: Preparing Debian for using capabilities: file ownership.
From: miquels@cistron.nl (Miquel van Smoorenburg)
Date: 22 Sep 2000 23:35:37 GMT
Message-id: <[🔎] 8qgqc9$sd7$1@enterprise.cistron.net>
References: <[🔎] 20000920222406.B426@debian.org>

In article <[🔎] 20000920222406.B426@debian.org>,
=?iso-8859-1?Q?Nicol=E1s_Lichtmaier?=  <nick@debian.org> wrote:
> It seems that in order to take full advantage of capabilities, files should
>not be owned by root. Files should be owned by a non-login user (e.g. bin).

That would not be a logical step. Right now programs such as rlogin, ssh,
NFS etc make sure that you cannot login as root or that root rights
get smashed. If your box is cracked somehow, it often is the case that
people can get any userid they like _except_ root. If the system binaries
are owned by a non-root uid, that will lower security quite significantly.

Mike.
-- 
Q: What is the one true indent width?
A: 42.

Reply to:

Follow-Ups:
- Re: Preparing Debian for using capabilities
  - From: "Jonathan D. Proulx" <jon@ai.mit.edu>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>

References:
- Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>

Prev by Date: Re: Preparing Debian for using capabilities: file ownership.
Next by Date: Re: Preparing Debian for using capabilities
Previous by thread: Re: Preparing Debian for using capabilities: file ownership.
Next by thread: Re: Preparing Debian for using capabilities
Index(es):
- Date
- Thread