tech-kern archive


Re: RFC: New security model secmodel_securechroot(9)

On Sun, Jul 10, 2011 at 12:58:42PM -0400, Thor Lancelot Simon wrote:
> What I ended up with on my system that started out pretty much where
> this proposal does was with a hack that used special group IDs as
> pseudo-capabilities...

Cumulating capabilities (and negations?) over all the subsidiary groups
might be a way of giving fine control.

One problem is that, historically, unix privileges have always been
based on a sledgehammer approach - if you don't want everybody to
be able to do something then only root can do it.

Even for programs the 'group execute + suid' can be used to allow
some people to run some programs. But that probably needs the limit
on the number of subsidiary groups raised significantly.


David Laight:
