On Fri, Dec 7, 2012 at 5:10 PM, Rob Landley <r...@landley.net> wrote:
> On 12/07/2012 01:32:18 PM, Andy Lutomirski wrote:
>>
>> On Fri, Dec 7, 2012 at 11:21 AM, Serge Hallyn
>> <serge.hal...@canonical.com> wrote:
>> > Quoting Andy Lutomirski (l...@amacapital.net):
>> >> Signed-off-by: Andy Lutomirski <l...@amacapital.net>
>> >> ---
>> >> Documentation/security/capabilities.txt | 161
>> >> ++++++++++++++++++++++++++++++++
>> >> 1 file changed, 161 insertions(+)
>> >> create mode 100644 Documentation/security/capabilities.txt
>> >
>> > TBH, I think a pointer to the capabilities.7 man page would be better.
>> > (plus, if you feel they are needed, updates to the man page)
>>
>> Updating capabilities.7 wouldn't be a bad idea, but IMO it certainly
>> needs work. For example, it says:
>
> ...
>
>> I would be happy to revise this patch to reference capabilities.7.
>
>
> The capabilities.7 man page is existing maintained documentation on how to
> use this from userspace, which seems to be the point of your document.
> Having include/linux/uapi/capability.h mention its existence might be good.
> Feeding fixes to the documentation we've already got would be good.
>
> I read your document having largely ignored capabilities for years, and
> don't feel I have a better understanding of them after reading it. (I'm
> aware they exist, I'm aware they're used as a justification for extended
> attributes, I'm aware people think breaking a fireplace into a bunch of
> candleflames increases fire safety. I'm aware of
> http://forums.grsecurity.net/viewtopic.php?f=7&t=2522 and I _used_ to be
> aware of
> http://userweb.kernel.org/~morgan/sendmail-capabilities-war-story.html but
> kernel.org never bothered putting most of itself back together after the
> breakin last year and archive.org doesn't have a copy. I'm aware that a
> decade ago at Atlanta Linux Showcase in California Ted Tso was sad nobody
> was using them yet. But I haven't hugely been tracking changes over the last
> 5 years in how they work. It looks like figuring out who has what involves
> working through exercises in set theory that cannot be explained using a 127
> bit ascii set. Personally, I prefer "more dangerous" security setups that
> don't require I pull out scratch paper to reason about the state of the
> system, so perhaps I'm biased here.)

Heh. I agree this stuff is shockingly complicated. (And this document
isn't written in ASCII...)

I actually wrote this file because I was reading the code and trying
to figure out wtf was going on. This is the result :)

I'll see if I can improve capabilities.7. Any pointers to things you
wanted to understand?

--Andy