About this list Date view Thread view Subject view Author view Attachment view

From: Linas Vepstas (linas_at_linas.org)
Date: Tue 11 Nov 2003 - 22:48:05 GMT

I've got some basic questions about 'Capabilities' in Linux. I'm
cross-posting this to the vserver list, since vserver provides good
support for caps.

First, the 'general' question:

Why is the libcap mailing list so quiet? Why does google not find
anything interesting for Linux capabilities? Is this because there
is some deep-rooted, fundamental design-flaw or problem with
capabilities and/or with thier Linux implementation? Have the basic
libcap tools been obsoleted by selinux, rsbac or some other security
system? Or is it simply that "capability" is such a generic term that
newcomers don't bother to even invsetigate this technology?
I'm trying to understand why Linux capabilites is such a 'sleepy' topic.

Then a specific question:

I started looking at capabilites so that I could remove some capabilities
from a process after its been started. For example: named/bind9: let
it start, let it chroot itself into place, then remove choot privledges
from it. I discovered that I can't do that because I don't seem to have
setpcap permissions ... appearently because its dangerous to have this.

So the questions are:
-- Did I misunderstand something in explaining the above?
-- Is it 'fundamentally dangerous' to be able to take away caps from
   other processes? It seems 'safe' to me, or at least no more dangerous
   than having a root user who can kill -9 assorted processes ...
-- If above is 'safe', then is the problem that the linux kernel
   doesn't have any way to grant one process the rights to remove
   caps from another, without also giving it 'unsafe' abilities, such
   as raising caps?


pub  1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas_at_linas.org>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984  3F54 64A9 9A82 0104 5933
Vserver mailing list

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 11 Nov 2003 - 22:50:43 GMT by hypermail 2.1.3