Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964845AbWIJUDt (ORCPT ); Sun, 10 Sep 2006 16:03:49 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964844AbWIJUDt (ORCPT ); Sun, 10 Sep 2006 16:03:49 -0400 Received: from nef2.ens.fr ([129.199.96.40]:19985 "EHLO nef2.ens.fr") by vger.kernel.org with ESMTP id S964842AbWIJUDs (ORCPT ); Sun, 10 Sep 2006 16:03:48 -0400 Date: Sun, 10 Sep 2006 22:03:37 +0200 From: David Madore To: Joshua Brindle Cc: Linux Kernel mailing-list , LSM mailing-list Subject: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities Message-ID: <20060910200337.GA24123@clipper.ens.fr> References: <20060910133759.GA12086@clipper.ens.fr> <20060910134257.GC12086@clipper.ens.fr> <1157905393.23085.5.camel@localhost.localdomain> <450451DB.5040104@gentoo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <450451DB.5040104@gentoo.org> User-Agent: Mutt/1.5.9i X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-1.5.10 (nef2.ens.fr [129.199.96.32]); Sun, 10 Sep 2006 22:03:37 +0200 (CEST) Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1604 Lines: 32 On Sun, Sep 10, 2006 at 01:56:43PM -0400, Joshua Brindle wrote: > To expand on this a little, some of the capabilities you are looking to > add are of very little if any use without being able to specify objects. > For example, CAP_REG_OPEN is whether the process can open any file > instead of specific ones. How many applications open no files whatsoever > in practice? Even if there are some as soon as they change and need to > open a file they'll need this capability and will be able to open any. > CAP_REG_WRITE has the same problem. For a description of why > CAP_REG_EXEC is meaningless see the digsig thread on the LSM list from > earlier this year. CAP_REG_OPEN and CAP_REG_EXEC might be useful only for demonstration purposes, but I've *often* wished I could run a program without CAP_REG_WRITE because I wasn't root and I wanted to make *sure* it didn't write any file anywhere. Instead I had to run them from a user-mode-linux, which is horribly messy and doesn't work well (and, at best, with a noticeable slowdown). Again, I ask: is SElinux useable if you aren't root? (Assuming it's activated, of course: I mean, can you create new policies to make certain programs run with restricted privileges?) I thought it wasn't, but maybe I'm wrong. -- David A. Madore (david.madore@ens.fr, http://www.madore.org/~david/ ) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/