El Miércoles, 26 de Julio de 2006 11:52, Herbert Poetzl escribió: > On Sun, Jul 23, 2006 at 03:30:58PM -0300, Sergio Belkin wrote: > > Excuse me for the 1/2 OT but I was searching in the web, > > and I am surprised the little documentation about capabilities. > > a quick google search gave those: > > http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq >-0.2.txt http://www.gentoo.org/proj/en/hardened/capabilities.xml > http://www.securityfocus.com/infocus/1400
Thanks for these links! > > > I've read that capabilities is something no so good. > > well, I don't know what you did read, but IMHO the > following statements hold some truth: > > - capabilities are a good concept to break down > super user powers into smaller chunks > > - the posix capability system was designed more > powerful than the current linux capability > system implementation > > - giving (too many) capabilities to guests in a > Linux-VServer system (except for the default set) > reduces security and is in general considered a > bad idea :) Herbert, I read that: http://lwn.net/Articles/79185/ amongs other articles, that I missed the links :S > > > But, however, it seems that on vserver works well. > > yes, Linux-VServer uses the capability system to > make the guests 'secure' > > > Could somebody explain me why? > > why we use it? or why it works quite fine? or what? Why is the capabilities little known?! Well all in all, I wrote an article about capabilities in spanish on http://sourcereports.blogspot.com/ in spanish :) > > > Is all of this a matter of ignorance on this topic? > > I don't think so :) > > HTH, > Herbert > > > TIA > > -- > > Sergio Belkin > > Soluciones Informáticas Open Source > > Mandriva Authorized Solutions Provider > > http://www.escritorioya.com.ar (011) 4788-8605 // Cel. 15-5494-5143 > > ---------------------------------------- > > _______________________________________________ > > Vserver mailing list > > Vserver@list.linux-vserver.org > > http://list.linux-vserver.org/mailman/listinfo/vserver -- Sergio Belkin Soluciones Informáticas Open Source Mandriva Authorized Solutions Provider http://www.escritorioya.com.ar (011) 4788-8605 // Cel. 15-5494-5143 ---------------------------------------- _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
