[redhat-lspp] New pam src rpm with namespace

schaufler-ca.com - Casey Schaufler casey at schaufler-ca.com
Fri Feb 17 16:50:57 UTC 2006


"Klaus Weidner" <klaus at atsec.com> suggested:

> Hmmm, would it be feasible to subdivide
> CAP_SYS_ADMIN into individual
> extended capability bits, and have a
> backwards compatibility mode where
> these are ORed into a single bit?

If you do that you will find that
one set of programmers will use
the finer granularity and another
the coarser and there will be no
consistency in your least privilege
policy. Try explaining that to an
evaluation team if you like. On
Trix we did that for one case,
where CAP_DAC_OVERRIDE was
CAP_DAC_READ and CAP_DAC_WRITE.
We did it to support a draft of POSIX.
We quickly removed all uses as
it was just too hard to deal with.

I will also include my standard
warning against excess in capability
granularity. Data General had 330
capabilities in their implementation,
and that's just too many. I claim
that you get most of the benefit of
capabilities even if you only have one,
so long as you separate it from the
userid.


------------------------
Casey Schaufler
casey at schaufler-ca.com
650.906.1780
