Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 3 Nov 2002 08:46:09 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 3 Nov 2002 08:46:09 -0500 Received: from mailout02.sul.t-online.com ([194.25.134.17]:22912 "EHLO mailout02.sul.t-online.com") by vger.kernel.org with ESMTP id ; Sun, 3 Nov 2002 08:46:08 -0500 Cc: Oliver Xymoron , Alexander Viro , "Theodore Ts'o" , Dax Kelson , Rusty Russell , , References: From: Olaf Dietsche To: Linus Torvalds Subject: Re: Filesystem Capabilities in 2.6? Date: Sun, 03 Nov 2002 14:52:18 +0100 Message-ID: <877kfuvjzh.fsf@goat.bogus.local> User-Agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.4 (Honest Recruiter, i386-debian-linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1435 Lines: 30 Linus Torvalds writes: > On the other hand, I have this suspicion that the most secure setup is one > that the sysadmin is _used_ to, and knows all the pitfalls of. Which > obviously is a big argument for just maintaining the status quo with suid > binaries. As is shown every now and then, when the next security hole is reported. So we stay at the lowest common denominator. I've always had good experience with educating people, not with dumbing them down. But maybe I've been just lucky then and worked with very smart people. > We have decades of knowledge on how to minimize the negative impact of > suid (I've used sendmail as an example of a suid program, and yet last I > looked sendmail was actually pretty careful about dropping all unnecessary > privileges very early on). So we throw out the baby with the bath water. This is conservatism at it's worst. > And as Al points out, new security features don't mean that you can just > stop being careful. Stating the obvious. Capabilities are not an end in itself, nor is suid root. It's just another line of defense to help with these binaries, which are _not_ capability aware. Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/