Re: Fedora 11: moving to posix file capabilities?
- From: Chris Adams <cmadams hiwaay net>
- To: Development discussions related to Fedora <fedora-devel-list redhat com>
- Subject: Re: Fedora 11: moving to posix file capabilities?
- Date: Fri, 31 Oct 2008 20:41:50 -0500
Once upon a time, Jon Masters <jonathan jonmasters org> said:
> Personally I think switching to fully POSIX file caps is a wonderful
> idea for sometime around 2010 or a bit later, but it's not practical for
> regular system utilities that might be sitting on older filesystems to
> do this today. Root NFS will break, many custom spins, just a lot of
> stuff is going to be very unhappy if we start doing this.
Would it be possible to implement capabilities in a backwards compatible
fashion? For example, still have e.g. /bin/ping setuid-root, but also
have capabilities assigned, and have the capabilities override
setuid-root (if capabilities are assigned the setuid/setgid bits are
ignored).
If you are running from a filesystem where capabilities are not
supported (or are not passed from server to client as in the case of
NFS), you'd just get the "old-fashioned" setuid/setgid effect and things
would still work. If you _do_ see the capabilities, you ignore the
setuid/setgid flags and only assign the requested capabilities and get
the benefits of fine-grained security.
--
Chris Adams <cmadams hiwaay net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
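
Added example, not part of the original message and not Fedora or kernel code: a Python model of the fallback rule proposed above, which decodes the `security.capability` extended attribute and reports which privilege source would apply to a binary. The function names and the sample attribute value are constructed for illustration, and the rule is the message's proposal, not a statement of how any kernel behaves.

```python
import os
import stat
import struct

# Layout constants from linux/capability.h (struct vfs_cap_data, little-endian).
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
U32_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> 32-bit words
CAP_NET_RAW = 13  # the capability ping needs for raw sockets

def parse_file_caps(xattr):
    """Decode a security.capability value into (permitted, inheritable, effective)."""
    if len(xattr) < 4:
        raise ValueError("capability xattr too short")
    (magic,) = struct.unpack_from("<I", xattr, 0)
    words = U32_WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None or len(xattr) < 4 + 8 * words:
        raise ValueError("unknown revision or truncated capability xattr")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", xattr, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return permitted, inheritable, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)

def privilege_source(mode, xattr):
    """Proposed rule: file caps, when visible, override the setuid/setgid bits."""
    if xattr is not None:
        permitted, _, _ = parse_file_caps(xattr)  # malformed data raises, never falls back
        return ("file-caps", permitted)
    if mode & (stat.S_ISUID | stat.S_ISGID):
        return ("setuid/setgid", None)  # e.g. NFS client that never sees the xattr
    return ("none", None)

def inspect(path):
    """Apply the rule to a real file; a missing or unsupported xattr means 'no caps'."""
    try:
        xattr = os.getxattr(path, "security.capability")
    except OSError:
        xattr = None
    return privilege_source(os.stat(path).st_mode, xattr)

# Constructed sample: revision 2, effective flag set, permitted = CAP_NET_RAW only.
SAMPLE_PING_CAPS = struct.pack("<IIIII", 0x02000000 | 1, 1 << CAP_NET_RAW, 0, 0, 0)

if __name__ == "__main__":
    print(privilege_source(0o104755, SAMPLE_PING_CAPS))  # caps visible
    print(privilege_source(0o104755, None))              # caps not visible
```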