Posted Mar 22, 2012 2:20 UTC (Thu) by ldo
Parent article: CAP_SYS_ADMIN: the new root
I saw much the same thing play out in the 1980s with VMS, and its “privileges” system (of which Linux capabilities are a very close copy in principle). Even with a (presumably) centrally-managed design and implementation, you still get overlaps and odd divisions.
And have you figured out what you’re trying to achieve, anyway? Are you trying to guard against accidents, or malice? Guarding against malice means trying to ensure that none of the privileges/capabilities is on its own effectively equivalent to full root access—a task which seems hopeless.