The capabilities-based solution
Posted Jan 14, 2005 17:05 UTC (Fri) by giraffedata
Parent article: Merging the realtime security module
A more comprehensive solution would be to make capabilities work properly
As a promoter of capabilities, I'd like to expand on this.
The proper Linux alternative to hardcoding certain capabilities to a certain group ID in the kernel is a "setcap" program. That's the equivalent of a classic setuid program in a classic system where privileges are attached to uid (to wit, uid 0). The setcap program has capabilities attached to it. Any process that executes that program gets those capabilities. So you'd just install one of these and give execute permission to the group ID of your choice.
I have this running on my systems, with a few lines of change to the base kernel and a program interpreter loadable module. I feel a lot safer with virtually no "superuser" processes.
But I agree with the article that there seems to be little interest in fine-grained capabilities, and little hope that a usable capability system will show up in a mainstream Linux kernel in the foreseeable future.