POSIX capabilities

Discussion in 'all things UNIX' started by Gullible Jones, Feb 7, 2013.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Guest

    Something interesting (if rather old) that I found:

    ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/capfaq-0.2.txt

    POSIX capabilities are still around in the 3.x kernels, you just need the getcap and setcap utilities. Among other things, you can use this to remove the need for Xorg to be setuid (though there are some wrinkles with non-KMS drivers).

    It doesn't look like capabilities can be used for any kind of policy sandboxing; OTOH I'm interested in to what extent they can replace setuid/setgid, because they seem like a much saner way of doing what's needed. So if anyone has experience using this stuff, please stop by and mention what you know...

    P.S. FreeBSD also supports POSIX capabilities. Unfortunately it looks like OpenBSD and NetBSD don't, though.
     
    Gullible Jones, Feb 7, 2013
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...