> > But anyway, capabilities are useable without fs support.
>
> Definitely. Some daemons like proftpd already use them.
>
> Also, keep in mind that the set of capabilities differs between 2.2 and
> 2.4 kernels if memory serves me correctly, and people are still looking
> at making sure the current set is an optimal one. (Fun assignment: see
> which capabilities can lead to root access. It turns out to be a
> surprisingly large set).

Well said. Capabilities add a bunch of complexity and granularity of dubious usefulness, and will almost certainly turn out to introduce masses of security holes as they get used and misused. The traditional model has the great advantages of simplicity and not offering more than it can really deliver. Also keep in mind that capabilities are based on a now-dead POSIX standard from a committee which couldn't decide in over 10 years of work what unix security meant. I won't bother with capabilities until they get rammed down my throat, and I kind of hope Debian isn't the first to do the ramming.

Britton