Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
I cannot wait enough for this to be rolled in.
This is a frequent issue for me -- if you've ever had to deal with system administrators that don't like making things suid root, you'll know what I mean...
Posted Dec 1, 2006 18:44 UTC (Fri) by giraffedata (subscriber, #1954)
I don't think capabilities will change that.
I used to use an operating system that had fine-grained capabilities and system administrators were usually not willing to let anyone other than those who qualified for _all_ of them have _any_ of them. I.e. it's a binary thing -- either you're in the trusted group or you're not.
You can sort of see their point: fine-grained capabilities multiply complexity, and complexity generates ways to make mistakes.
I use Linux capabilities extensively (using local modifications to Linux), but it's always for things that, if I didn't have capabilities, I would be willing to do with superuser.
Posted Jan 27, 2008 17:26 UTC (Sun) by AnswerGuy (guest, #1256)
He said "things" not people.
With file based capabilities it's usually the case that you trust the intentions of the user,
and the programmer who wrote the code. But you're trying to limit the damage that processes
running this code can do to the rest of the system (which giving them enough power to do their
job) --- in the all-too-likely case that the program can be subverted in some way (buffer
overflow, printf error, stack overflow in regex parsing, et cetera, ad infinitum, ad nauseum)
Personally I still thing the cleanest most understandable way of accomplishing this sort of
goal has been the systrace patches by Niels Provos. They make perfect sense to anyone who has
ever had to deal with packet filtering and they are the only approach I've seen that would
allow a normal user to effectively limit behavior of software. (One could imagine a user
creating systrace configurations to prevent his or her browser from accessing specific
document trees and other files, for example. The implications of this are far more
significant than one realizes in an era when many of us are seriously considering locking our
browsers --- and perhaps our MTAs --- into their own virtual machines to protect the rest of
our home directories therefrom).
Posted Oct 14, 2007 20:42 UTC (Sun) by garloff (subscriber, #319)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds