Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 3 Nov 2002 11:03:14 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 3 Nov 2002 11:03:14 -0500 Received: from leibniz.math.psu.edu ([146.186.130.2]:7566 "EHLO math.psu.edu") by vger.kernel.org with ESMTP id ; Sun, 3 Nov 2002 11:03:13 -0500 Date: Sun, 3 Nov 2002 11:09:43 -0500 (EST) From: Alexander Viro To: Olaf Dietsche cc: Linus Torvalds , Oliver Xymoron , "Theodore Ts'o" , Dax Kelson , Rusty Russell , linux-kernel@vger.kernel.org, davej@suse.de Subject: Re: Filesystem Capabilities in 2.6? In-Reply-To: <87u1iymym1.fsf@goat.bogus.local> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1038 Lines: 31 On Sun, 3 Nov 2002, Olaf Dietsche wrote: > > To do so in a more complicated model is harder, > > not easier. > > Because it's harder for you to do a proper job, doesn't mean it is for > everybody else. Huh? > > More features != better security. Quite often it's exact opposite. > > Human do make errors, otherwise suid-root stuff wouldn't be a problem > > to start with. And when security mechanism increases probability > > of error it becomes a menace. > > Capabilities are not about adding features, they are about reducing. > Face it, you just don't get it. Face it, you either just can't read or are deliberately being obtuse. New mechanism for raising capabilities doesn't have to be about adding features, IT IS A NEW FEATURE ITSELF. Now, fuck off. To .procmailrc you go... - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/