Melanie <melanie(a)t-data.com> writes:
On 2003.11.19 00:00 Paul Davis wrote:
i don't think they want them even compiled
into the kernel. think
about it: the security model they present is very complex, and very
distributed through the entire kernel. i don't think anyone could say
with complete confidence that even if you do not use the cmdline arg
that the presence of capabilities support does not pose a security issue.
Well, capabilities are _always_ compiled into the kernel. The only
thing changed to enable them are two static data values, specifically
the ones used to start init with. This happens in one place and one
place only. Instead of #defines, these could be globals. Of course
they would need to be set before init is run, so a kernel command line
parameter is the only place it can be done easily.
This is true. It would be easy to change and only affects two values.
But, if you consider the situation of servers running in a colocate
environment, many sysadmins would want to prevent even people with
physical access to the machine from being able to change their
security model so drastically.
--
joq