tech-kern archive
Re: RFC: New security model secmodel_securechroot(9)
On Sun, Jul 10, 2011 at 12:58:42PM -0400, Thor Lancelot Simon wrote:
>
> What I ended up with on my system that started out pretty much where
> this proposal does was with a hack that used special group IDs as
> pseudo-capabilities...
Cumulating capabilities (and negations?) over all the subsidiary groups
might be a way of giving fine control.
One problem is that, historically, unix privileges have always been
based on a sledgehammer approach - if you don't want everybody to
be able to do something then only root can do it.
Even for programs the 'group execute + suid' can be used to allow
some people to run some programs. But that probably needs the limit
on the number of subsidiary groups raised significantly.
David
--
David Laight: david%l8s.co.uk@localhost