reminder: "POSIX capabilities" are different from "capabilities"
Posted May 13, 2004 16:03 UTC (Thu) by rjw (guest, #10415)
In reply to: reminder: "POSIX capabilities" are different from "capabilities" by zooko
Parent article: Magic groups in 2.6
Also, it's important to note that the closest things we have to capabilities on a kernel level are file descriptors - and we should be making use of these rather than totally subverting the unix security model (SELinux, POSIX ACLs/CAPs, etc).
We should also be careful to separate the concept of a physical user from a unix uid. Users should have the ability to create subservient users and groups - that are bounded by the permission set that their 'principal' user has.
Every program that is run should really be run under a temporary UID with a minimal per-process namespace as well - i.e. only knowledge of the files it needs. This includes running dodgy email attachments - if we remove the ambient authority to open random network ports and trash a user's files, to fork or malloc the system to death and to do all kinds of other damage, we could run even random binaries and shell scripts emailed to us without fear.
This would all require quite a lot of work, but it wouldn't mean having two or more utterly arbitrary security models tacked on to the unix one. SELinux really makes me sick.
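The comment's point that file descriptors are the kernel's nearest thing to capabilities, as an added illustration that is not part of the original comment or the LWN article: a parent opens a file and hands only the open descriptor to a forked child over a unix socket (SCM_RIGHTS); the child never learns the path and needs no ambient permission to read the file. The function names `send_fd`, `recv_fd` and `delegate_read` are chosen here, and the sample file is constructed by the caller.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hand an open descriptor to the peer of a unix socket (SCM_RIGHTS). */
static int send_fd(int sock, int fd) {
    char byte = 0, cbuf[CMSG_SPACE(sizeof(int))] = {0};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Receive a descriptor sent with send_fd(); returns the new fd or -1. */
static int recv_fd(int sock) {
    char byte, cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1) return -1;        /* EOF: nothing delegated */
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd; memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Parent opens `path` read-only and delegates only that descriptor to a forked
 * child, which never sees the path and never calls open(). Returns the number
 * of bytes the child read through the delegated fd (via exit status), -1 on error. */
int delegate_read(const char *path) {
    int sv[2], status, fd; char buf[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: holds one socket, nothing else */
        close(sv[0]);
        fd = recv_fd(sv[1]);
        _exit(fd < 0 ? 255 : (int)read(fd, buf, sizeof buf));
    }
    close(sv[1]);
    fd = open(path, O_RDONLY);
    if (fd >= 0) { send_fd(sv[0], fd); close(fd); }  /* the open file travels, not its name */
    close(sv[0]);                        /* child gets EOF if nothing was sent */
    waitpid(pid, &status, 0);
    return WIFEXITED(status) && WEXITSTATUS(status) != 255 ? WEXITSTATUS(status) : -1;
}
```

The child's authority is exactly the one read-only descriptor it was handed; a path the parent cannot open yields no descriptor, and the child simply sees end-of-file.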