From: Linas Vepstas (linas_at_linas.org)
Date: Tue 11 Nov 2003 - 22:48:05 GMT
I've got some basic questions about 'Capabilities' in Linux. I'm
cross-posting this to the vserver list, since vserver provides good
support for caps.
First, the 'general' question:
Why is the libcap mailing list so quiet? Why does google not find
anything interesting for Linux capabilities? Is this because there
is some deep-rooted, fundamental design-flaw or problem with
capabilities and/or with their Linux implementation? Have the basic
libcap tools been obsoleted by selinux, rsbac or some other security
system? Or is it simply that "capability" is such a generic term that
newcomers don't bother to even investigate this technology?
I'm trying to understand why Linux capabilities is such a 'sleepy' topic.
Then a specific question:
I started looking at capabilities so that I could remove some capabilities
from a process after it's been started. For example: named/bind9: let
it start, let it chroot itself into place, then remove chroot privileges
from it. I discovered that I can't do that because I don't seem to have
setpcap permissions ... apparently because it's dangerous to have this.
So the questions are:
-- Did I misunderstand something in explaining the above?
-- Is it 'fundamentally dangerous' to be able to take away caps from
other processes? It seems 'safe' to me, or at least no more dangerous
than having a root user who can kill -9 assorted processes ...
-- If above is 'safe', then is the problem that the Linux kernel
doesn't have any way to grant one process the rights to remove
caps from another, without also giving it 'unsafe' abilities, such
as raising caps?
--
pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas_at_linas.org>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
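An added example, not from the email or from the vserver project, of the one direction the kernel does allow without CAP_SETPCAP: a process lowering its own capabilities, here dropping CAP_SYS_CHROOT once the chroot is done (the named/bind9 case above, done from inside the daemon rather than from outside). It uses the raw capget/capset syscalls instead of libcap and is Linux only.

```c
/* Added example: a thread drops CAP_SYS_CHROOT from its own capability
 * sets. Lowering one's own permitted/effective/inheritable bits needs no
 * CAP_SETPCAP; only raising caps, or editing the bounding set or another
 * process, is privileged. Uses the raw syscalls, so no -lcap is needed. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

#define CAP_WORDS _LINUX_CAPABILITY_U32S_3   /* two 32-bit words per set */

/* Read the calling thread's capability sets (pid 0 = self). */
static int get_caps(struct __user_cap_data_struct data[CAP_WORDS]) {
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    memset(data, 0, sizeof(struct __user_cap_data_struct) * CAP_WORDS);
    return syscall(SYS_capget, &hdr, data) == 0 ? 0 : -1;
}

static int set_caps(struct __user_cap_data_struct data[CAP_WORDS]) {
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -1;
}

/* 1 if `cap` is in the permitted set, 0 if not, -1 on error. */
int cap_permitted(int cap) {
    struct __user_cap_data_struct data[CAP_WORDS];
    if (get_caps(data) != 0) return -1;
    return (data[CAP_TO_INDEX(cap)].permitted & CAP_TO_MASK(cap)) != 0;
}

/* Remove `cap` from effective, permitted and inheritable. Once it leaves
 * the permitted set this thread can never get it back. 0 on success. */
int drop_cap(int cap) {
    struct __user_cap_data_struct data[CAP_WORDS];
    if (get_caps(data) != 0) return -1;
    unsigned i = CAP_TO_INDEX(cap), m = CAP_TO_MASK(cap);
    data[i].effective   &= ~m;
    data[i].permitted   &= ~m;
    data[i].inheritable &= ~m;
    return set_caps(data);
}

int main(void) {
    int before = cap_permitted(CAP_SYS_CHROOT);   /* 1 only if started privileged */
    if (drop_cap(CAP_SYS_CHROOT) != 0) { perror("capset"); return 1; }
    printf("CAP_SYS_CHROOT permitted: before=%d after=%d\n",
           before, cap_permitted(CAP_SYS_CHROOT));
    return 0;
}
```

Run it as root to see the bit go from 1 to 0; as an ordinary user both reads are 0 and the capset is a harmless no-op, which is the asymmetry the kernel enforces: anyone may shrink their own sets, nobody may grow them without CAP_SETPCAP.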