--- Cliffe <[EMAIL PROTECTED]> wrote:

> As good an idea POSIX capabilities might be,

Now that's a refreshing comment. Thank you.

> not all security problems
> can be solved with a bitmap of on/off permissions.

There are people (I'm not one of them) who figure that you can solve all
the security problems by applying sufficiently fine granularity of on/off
permissions.

> Peter Dolding wrote:
> <lots o stuff>
>
> Ok but what happens to the principle of least privilege?
>
> What if we want AppArmor to confine that application to use a particular
> set of ports?
>
> Do you propose having a capability for each port? How about protocols?

While you're at it, how about a capability for each possible directory
entry name?

> So unless my understanding of capabilities is fundamentally flawed
> (which it may be - I have not spent time reviewing recent changes)
> obviously Linux capabilities do not provide a solution to every problem.

Of course they don't. The only problem they are intended to solve, and I
really mean this, is the association of uid 0 with privilege. That's it.
You would be better off with a single CAP_GODLIKE than with uid 0 having
all privilege all the time. Fine grained capabilities are a bonus, and
there are lots of people who think that it would be really nifty if there
were a separate capability for each "if" in the kernel. I personally don't
see need for more than about 20. That is a matter of taste. DG/UX ended up
with 330 and I say that's too many.

Casey Schaufler
[EMAIL PROTECTED]
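The "bitmap of on/off permissions" the thread argues about is literally what the kernel exposes in the CapEff/CapPrm/CapInh lines of /proc/<pid>/status. The script below is an added example for this discussion, not code from the thread or from the kernel; it decodes such a bitmap into capability names and reports which bits a process holds beyond a stated least-privilege set. The capability names and bit positions follow the current Linux include/uapi/linux/capability.h; the two status excerpts are constructed for the example (a uid-0 daemon with the whole bitmap, and a service confined to a single bit), and `REQUIRED_FOR_LISTENER` is an assumed policy for a daemon that only needs to bind a privileged port. Note how coarse the one relevant bit is: CAP_NET_BIND_SERVICE covers every port below 1024, which is exactly the per-port granularity the bitmap cannot express.

```python
"""Decode Linux capability bitmaps from /proc/<pid>/status and flag the
excess over a least-privilege set.  Added example, not from the thread."""

import os
from typing import Dict, Iterable, List

# Capability numbers in bit order, per include/uapi/linux/capability.h
# (bit 0 = CAP_CHOWN ... bit 40 = CAP_CHECKPOINT_RESTORE).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumed least-privilege policy for a daemon that only binds a low port.
REQUIRED_FOR_LISTENER = ["CAP_NET_BIND_SERVICE"]


def parse_cap_mask(hex_mask: str) -> List[str]:
    """Turn a hex bitmap such as '000001ffffffffff' into capability names."""
    mask = int(hex_mask, 16)
    names = []
    for bit in range(mask.bit_length()):
        if (mask >> bit) & 1:
            # Bits beyond the known table come from a newer kernel; keep them visible.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
    return names


def parse_status(text: str) -> Dict[str, List[str]]:
    """Extract every Cap* line of a /proc/<pid>/status dump into name lists."""
    sets: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if line.startswith("Cap") and ":" in line:
            key, _, value = line.partition(":")
            sets[key.strip()] = parse_cap_mask(value.strip())
    return sets


def excess_over(held: Iterable[str], required: Iterable[str]) -> List[str]:
    """Capabilities held that the stated least-privilege set does not need."""
    return sorted(set(held) - set(required))


def is_full_bitmap(held: Iterable[str]) -> bool:
    """True when every capability the table knows is set: uid-0-style privilege."""
    return set(CAP_NAMES) <= set(held)


# Constructed status excerpts: a root daemon with everything, and a confined one.
SAMPLE_ROOT_DAEMON = (
    "Name:\tdaemon\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
)
SAMPLE_CONFINED = (
    "Name:\tlistener\nUid:\t1000\t1000\t1000\t1000\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\nCapBnd:\t0000000000000400\n"
)


def report(text: str) -> Dict[str, object]:
    """Summarise one status dump against REQUIRED_FOR_LISTENER."""
    eff = parse_status(text).get("CapEff", [])
    return {
        "effective": eff,
        "full_bitmap": is_full_bitmap(eff),
        "excess": excess_over(eff, REQUIRED_FOR_LISTENER),
    }


if __name__ == "__main__":
    for label, sample in (("root daemon", SAMPLE_ROOT_DAEMON), ("confined", SAMPLE_CONFINED)):
        r = report(sample)
        print(f"{label}: {len(r['effective'])} caps, full={r['full_bitmap']}, "
              f"{len(r['excess'])} beyond policy")
    if os.path.exists("/proc/self/status"):  # live check when run on Linux
        with open("/proc/self/status") as fh:
            print("this process:", report(fh.read()))
```

Run on Linux it also decodes the calling process; the constructed samples show the two ends of the argument in the thread: the root daemon holds all 41 bits (the uid-0 association Casey describes), while the confined listener holds exactly one bit, and nothing in that bit says which port.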