Warning: I'm not an expert.

On Wed, Sep 27, 2000 at 10:54:04AM +1100, Brian May wrote:
> - is root still required? If so why and what for?

Exactly. Or, put another way, we're going to have to re-write a lot of
administrative docs to adapt to a capabilities-based security setup. And
then we'll have to do it again for MAC. [Also: both have extra baggage,
but MAC+capabilities looks like something safer to switch over to than
capabilities without MAC.]

> - if files are owned by bin:bin, does this mean root no longer
> can change them (assuming everything is set up correctly)?

Nope. At least, as I interpret what Andrew Morgan told me, MAC (mandatory
access control) is what would limit root. Capabilities allow non-root
processes to have root-like powers.

> - what is the current status of capabilities in Linux? Last I heard,
> it was so limited that it was next to useless. I hope this has/will
> change.

They're implemented in 2.4, but they're not ready for prime time. The set
of capabilities may change, and ext2fs doesn't let you do the capability
analog to setuid (nor the inverse -- where capabilities are suppressed).

> - is it practical/possible to initially support both systems, but
> have capabilities as an option that is disabled by default, and only
> enabled if the administrator knows what he/she is doing. i.e. could the
> postinst script have:
>
> if ! capabilities; then
>   suidregister ...
> else
>   set capabilities.
> endif

Not very practical. kernel change time != package install time.
Basically, we'd be committing to do a complete sweep of the file system
every time the kernel booted. [Perhaps optimize this by marking each
partition with a stamp indicating what kernel has swept the partition?]

-- 
Raul
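The point Raul makes above, that capabilities let a non-root process hold a few root-like powers rather than all of them, is easiest to see by inspecting a process's capability sets. The program below is an added example written for this page, not code from the thread or from Debian; it reads the CapInh/CapPrm/CapEff/CapBnd lines that Linux exposes in /proc/self/status as hex masks (an assumption about the /proc layout; the bit numbers come from linux/capability.h, where CAP_NET_BIND_SERVICE is bit 10) and tests individual bits. The constructed sample status text stands in for a daemon that runs as uid 1000 with only CAP_NET_BIND_SERVICE, which is what the "capability analog to setuid" Raul says ext2 could not express at the time would grant.

```c
/* Added example (not from the thread): inspect a process's capability
 * sets and test single capability bits.
 * Assumes the Linux /proc/self/status layout, where "CapEff:" and
 * friends carry a 64-bit hex mask; the mask parsing is exercised on a
 * constructed sample so the logic runs on any POSIX system. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>; listed
 * here so the example compiles without the Linux headers. */
enum {
    CAP_DAC_OVERRIDE     = 1,
    CAP_SETUID           = 7,
    CAP_NET_BIND_SERVICE = 10,
    CAP_SYS_ADMIN        = 21
};

/* Parse the hex mask that follows "<prefix>:" in one status line.
 * Returns 1 and fills *mask on success; 0 if the prefix does not match
 * or the value is not a hex string of at most 16 digits. */
static int parse_cap_line(const char *line, const char *prefix, uint64_t *mask)
{
    size_t n = strlen(prefix);
    if (strncmp(line, prefix, n) != 0 || line[n] != ':')
        return 0;
    const char *p = line + n + 1;
    while (*p == ' ' || *p == '\t')
        p++;
    uint64_t v = 0;
    int digits = 0;
    for (; *p && *p != '\n'; p++, digits++) {
        int d;
        if (*p >= '0' && *p <= '9')      d = *p - '0';
        else if (*p >= 'a' && *p <= 'f') d = *p - 'a' + 10;
        else if (*p >= 'A' && *p <= 'F') d = *p - 'A' + 10;
        else return 0;
        if (digits >= 16)                /* wider than 64 bits: reject */
            return 0;
        v = (v << 4) | (uint64_t)d;
    }
    if (digits == 0)
        return 0;
    *mask = v;
    return 1;
}

/* Is capability number `cap` set in `mask`? */
static int cap_in_mask(uint64_t mask, int cap)
{
    if (cap < 0 || cap > 63)
        return 0;
    return (int)((mask >> cap) & 1u);
}

/* Find the named set ("CapInh", "CapPrm", "CapEff", "CapBnd") in a
 * status-style text buffer. Returns 1 on success, 0 if absent. */
static int find_cap_set(const char *status_text, const char *set_name, uint64_t *mask)
{
    const char *line = status_text;
    while (line && *line) {
        if (parse_cap_line(line, set_name, mask))
            return 1;
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : NULL;
    }
    return 0;
}

/* Constructed sample: a uid-1000 process whose permitted and effective
 * sets hold only CAP_NET_BIND_SERVICE (bit 10, mask 0x400). */
static const char SAMPLE_STATUS[] =
    "Name:\tlistener\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\n"
    "CapBnd:\t000001ffffffffff\n";

int main(void)
{
    char buf[8192];
    const char *src = SAMPLE_STATUS;
    FILE *f = fopen("/proc/self/status", "r");   /* use the live file if present */
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        buf[n] = '\0';
        if (n > 0)
            src = buf;
    }
    uint64_t eff;
    if (!find_cap_set(src, "CapEff", &eff)) {
        fprintf(stderr, "no CapEff line found\n");
        return 1;
    }
    printf("effective mask:       %016llx\n", (unsigned long long)eff);
    printf("CAP_NET_BIND_SERVICE: %s\n", cap_in_mask(eff, CAP_NET_BIND_SERVICE) ? "yes" : "no");
    printf("CAP_SYS_ADMIN:        %s\n", cap_in_mask(eff, CAP_SYS_ADMIN) ? "yes" : "no");
    return 0;
}
```

Run it as root and as an unprivileged user to see the two extremes Raul contrasts: uid 0 normally shows a full effective mask, an ordinary user an empty one. The middle ground, a non-root process with a single bit set, is what a setuid-free capability setup aims for; the parser rejects masks wider than 64 bits rather than silently truncating them, since the set of capabilities has indeed changed over time, as the message anticipated.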