Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Sun, 3 Nov 2002 11:34:36 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Sun, 3 Nov 2002 11:34:35 -0500 Received: from mailout08.sul.t-online.com ([194.25.134.20]:47031 "EHLO mailout08.sul.t-online.com") by vger.kernel.org with ESMTP id ; Sun, 3 Nov 2002 11:34:33 -0500 Date: Sun, 3 Nov 2002 17:40:43 +0100 To: linux-kernel@vger.kernel.org Subject: Re: Filesystem Capabilities in 2.6? Message-ID: <20021103164043.GA3271@lina.inka.de> References: <1036328263.29642.23.camel@irongate.swansea.linux.org.uk> <20021103173016.E30076@vestdata.no> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20021103173016.E30076@vestdata.no> User-Agent: Mutt/1.4i From: Bernd Eckenfels Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 856 Lines: 20 On Sun, Nov 03, 2002 at 05:30:16PM +0100, Ragnar Kj?rstad wrote: > Unfortenately it will be much harder to find all executables with > increased capabilities on your system. Depends if you insert the capabilities/checksum into single files all over your file system or in a central /etc/capabilities.conf file. The later is a bit like other security linux distributions and has clearly the advantage of beeing more obvious. The scheme could be extended for non capability related integrity checking. For exampel all root programs need to be listed there with checksums or someting like that. Greetings Bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/