Sigh. I wonder how much damage has been done by Linux using the word "capabilities" for their non-capabilities access control scheme?
"It seems that there is a fundamental flaw in the capability model: it is nearly impossible to add new capability bits without risking problems with applications that do not know about the new bits."
If you mean Linux's non-capabilities "capabilities", then yes! Your article succinctly explains the fundamental problem with them. If you mean real capabilities, then no! Real capability systems do not have this problem.
Posted Sep 12, 2013 22:26 UTC (Thu) by david.a.wheeler (subscriber, #72896)
The terminology problem is from POSIX, not Linux. There was a POSIX group ("POSIX Security Extensions") that defined a draft spec that used the term "capabilities" for something completely different than what many other people called capabilities. Linux implemented that draft POSIX spec, and thus uses its terminology.