Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964951AbWIKQAG (ORCPT ); Mon, 11 Sep 2006 12:00:06 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964950AbWIKQAG (ORCPT ); Mon, 11 Sep 2006 12:00:06 -0400 Received: from web36614.mail.mud.yahoo.com ([209.191.85.31]:55139 "HELO web36614.mail.mud.yahoo.com") by vger.kernel.org with SMTP id S964947AbWIKQAE (ORCPT ); Mon, 11 Sep 2006 12:00:04 -0400 Message-ID: <20060911160002.78419.qmail@web36614.mail.mud.yahoo.com> X-RocketYMMF: rancidfat Date: Mon, 11 Sep 2006 09:00:02 -0700 (PDT) From: Casey Schaufler Reply-To: casey@schaufler-ca.com Subject: Re: capability inheritance (was: Re: patch to make Linux capabilities into something useful (v 0.3.1)) To: David Madore Cc: Linux Kernel mailing-list In-Reply-To: <20060910142540.GA19804@clipper.ens.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1687 Lines: 53 --- David Madore wrote: > I can see no way of reconciling the POSIX rules with > sane Unix behavior. While one strives to maintain the decorum of friendly debate, "Them's fighting words"*. Have you read the POSIX DRAFT rationale section? Have you read any of the DRAFT, for that matter? Breaking privilege apart from UID==0 and the setuid mechanism while allowing a system that could still work without requiring programs to be rewritten took quite a while. The DRAFT versions don't differ that greatly after about DRAFT 12. The scheme has been implemented several times. > Hence I can only give up if someone > insists that the POSIX > draft should be adhered to. > > (Just in case someone were tempted to get away with > a handwaving such > as "just follow the POSIX rules except for suid > root...", let that > someone please try to come up with a full > description of the rules > which breaks nothing, and he will understand that > it's not at all easy.) The relationship between setuid and file based capabilitiy sets is straitforward. There is none. If your system supports root or capability (like Irix) or strictly capability (like Trix) the calculation is identical. There is a full descrition of the rules in the DRAFT. If you have questions about it, I'd be happy to dust off my copy to help you understand it. ---- * Yosemite Sam in "High Diving Hare", 1949 Casey Schaufler casey@schaufler-ca.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/