Nikos Chantziaras <rea...@gmail.com> wrote:
> > Would you call someone who shoots himself into the foot "smart"?
> >
> > Recent Linux kernels support fcaps in the filesystems and "somebody" evil,
> > who
> > knows what he does may even set up fcaps on executable files when the
> > related
> > support-software is not installed, just because the unstable kernel
> > interfaces
> > are accessible from libc.
> >
> > Do you like people to be able to open security holes?
>
> You don't know what my intentions are and why I want to disable libcap.
> I have my reasons. This happens because it is actually possible to
> disable it.
I explained why not having libcap by default is a security risk.
You would need to explain your reasons, I currently cannot see a valid
reason to exclude a very small piece of security relevant software.
> If you really don't like that, then you should probably make libcap
> mandatory. Assume it's there, and if it's not, the user should get
> compile errors.
If you don't like my explanations, you are free to explain your reasons.
> But as long as it's not mandatory, I have my reasons why I would want to
> disable it, just as I have my reasons why I would want to explicitly
> enable it. What if autodetection fails? If I use the appropriate
> "enable libcap" flag, and libcap is not there, or it's broken, or
> whatever, I don't want to get a build that's now insecure. I want the
> build to abort with a big, fat error.
>
> I think you're too used to binary distros and Solaris to appreciate the
> different requirements of source-based distros :-)
Solaris is source based too.....
The real difference to Linux is that Solaris uses a kernel that is
auto-adjusting to the hardware and usage because it is fully dynamically loaded
and because all parameters adjust themself to any needed value as long as there
is enough kernel memory.
Linux has a large statically linked part and in theory you may be able to
compile it without capabilities, but then you would still need to have the
userland support-code available to permit userland programs to find out whether
the current kernel includes support or not.
...it is a matter of understaning security related constraints...
Jörg
--
EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
j...@cs.tu-berlin.de (uni)
joerg.schill...@fokus.fraunhofer.de (work) Blog:
http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
