--- Cliffe <[email protected]> wrote:
> As good an idea POSIX capabilities might be,
Now that's a refreshing comment. Thank you.
> not all security problems
> can be solved with a bitmap of on/off permissions.
There are people (I'm not one of them) who figure that you
can solve all the security problems by applying sufficiently
fine granularity of on/off permissions.
> Peter Dolding wrote:
> <lots o stuff>
>
> Ok but what happens to the principle of least privilege?
>
> What if we want AppArmor to confine that application to use a particular
> set of ports?
>
> Do you propose having a capability for each port? how about protocols?
While you're at it, how about a capability for each possible
directory entry name?
> So unless my understanding of capabilities is fundamentally flawed
> (which it may be - I have not spent time reviewing recent changes)
> obviously Linux capabilities does not provide a solution to every problem.
Of course they don't. The only problem they are intended
to solve, and I really mean this, is the association of uid 0
with privilege. That's it. You would be better off with a single
CAP_GODLIKE than with uid 0 having all privilege all the time.
Fine grained capabilities are a bonus, and there are lots of
people who think that it would be really nifty if there were a
separate capability for each "if" in the kernel. I personally
don't see need for more than about 20. That is a matter of taste.
DG/UX ended up with 330 and I say that's too many.
Casey Schaufler
[email protected]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
