Re: Preparing Debian for using capabilities: file ownership.
Warning: I'm not an expert.
On Wed, Sep 27, 2000 at 10:54:04AM +1100, Brian May wrote:
> - is root still required? If so why and what for?
Exactly.
Or, put another way, we're going to have to re-write a lot
of administrative docs to adapt to a capabilities-based
security setup. And then we'll have to do it again for
MAC.
[Also: both have extra baggage, but MAC+capabilities looks
like something safer to switch over to than capabilities
without MAC.]
> - if files are owned by bin:bin, does this mean root no longer
> can change them (assuming everything is set up correctly)?
Nope.
At least, as I interpret what Andrew Morgan told me, MAC (mandatory
access control) is what would limit root. capabilities allow non-root
processes to have root-like powers.
> - what is the current status of capabilities in Linux? Last I heard,
> it was so limited that it was next to useless. I hope this has/will
> change.
They're implemented in 2.4, but they're not ready for prime time. The
set of capabilities may change, and ext2fs doesn't let you do the
capability analog to setuid (nor the inverse -- where capabilities
are suppressed).
> - is it practical/possible to initially support both systems, but
> have capabilities as an option that is disabled by default, and only
> enabled if the administrators knows what he/she is doing. ie could the
> postinst script have:
>
> if ! capabilities; then
> suidregister ...
> else
> set capabilities.
> endif
Not very practical.
kernel change time != package install time.
Basically, we'd be committing to do a complete sweep of the file
system every time the kernel booted. [Perhaps optimize this by
marking each partition with a stamp indicating what kernel
has swept the partition?]
--
Raul
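The "complete sweep of the file system" that Raul describes is essentially an inventory of every file that can grant privilege, whether through the setuid/setgid bits or (on kernels that support it) through a file capability set. The following is an added example, not code from the thread or from Debian; it assumes a modern Linux where file capabilities are stored in the `security.capability` extended attribute (not available on the ext2fs discussed above), and the directory tree and file names it scans are constructed inline for the demonstration.

```python
"""
Sweep a directory tree for files that grant privilege, reporting both
setuid/setgid bits and a file capability set on the same file. Useful as
an audit during a setuid -> capabilities transition, where a binary may
temporarily carry both.
"""
import os
import shutil
import stat
import tempfile

# Assumption: modern Linux kernels keep file capabilities in this xattr.
CAP_XATTR = "security.capability"


def has_file_capability(path):
    """Return True if the file carries a security.capability xattr.

    os.getxattr exists only on Linux; on other platforms, or on a file
    system without xattr support, treat the file as having no caps.
    """
    getxattr = getattr(os, "getxattr", None)
    if getxattr is None:
        return False
    try:
        getxattr(path, CAP_XATTR, follow_symlinks=False)
        return True
    except OSError:
        # ENODATA (no such xattr), ENOTSUP (no xattrs on this fs), EACCES
        return False


def sweep(root):
    """Walk root and return a sorted list of (path, kind) for every
    regular file that is setuid, setgid, or carries file capabilities."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            kinds = []
            if st.st_mode & stat.S_ISUID:
                kinds.append("setuid")
            if st.st_mode & stat.S_ISGID:
                kinds.append("setgid")
            if has_file_capability(path):
                kinds.append("filecap")
            if kinds:
                findings.append((path, "+".join(kinds)))
    return sorted(findings)


def demo():
    """Build a constructed tree with one plain and one setuid file, sweep
    it, and return the findings (the tree is removed afterwards)."""
    base = tempfile.mkdtemp(prefix="capsweep-")
    try:
        plain = os.path.join(base, "plain")        # constructed name
        suid = os.path.join(base, "suid-tool")     # constructed name
        for p in (plain, suid):
            with open(p, "w") as f:
                f.write("#!/bin/sh\nexit 0\n")
        # Setting the setuid bit on a file we own needs no privilege.
        os.chmod(suid, 0o4755)
        return sweep(base)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for path, kind in demo():
        print(f"{kind:14} {path}")
```

Run it against a real root (for example `sweep("/usr")`) to see how many binaries still rely on setuid versus a capability set; the "setuid+filecap" kind is the one to watch for during a migration, since such a file grants full root through the setuid path regardless of how narrow its capability set is.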