Slashdot Mirror


Mastering POSIX File Capabilities

An anonymous reader passes along an IBM DeveloperWorks article on POSIX file capabilities, which have recently become available in the Linux kernel; they are expected in the mainline kernel by 2.6.24. POSIX file capabilities parcel out root user powers into smaller privileges. The article details how to program using file capabilities and how to switch on the ability of a system's setuid root binaries to use file capabilities.
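To make the "parcelled out root" idea concrete, here is an added example (not from the IBM article or this thread) that decodes the Cap* bitmasks the kernel reports in /proc/<pid>/status and flags effective capabilities beyond an allowlist; the capability numbers are those from <linux/capability.h>, and the sample status text is constructed.

```python
"""Decode Linux capability bitmasks from /proc/<pid>/status.

Added example, not code from the article or the thread. Capability bit
numbers follow <linux/capability.h>; the status excerpt is constructed."""

CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
]


def decode_mask(hex_mask):
    """Return the set of capability names whose bit is set in a hex mask."""
    mask = int(hex_mask, 16)
    names = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Bits above the table (newer capabilities) are reported by number.
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names


def parse_status(text):
    """Map each Cap* line of a /proc/<pid>/status text to its decoded set."""
    sets = {}
    for line in text.splitlines():
        if line.startswith("Cap"):
            key, _, value = line.partition(":")
            sets[key] = decode_mask(value.strip())
    return sets


def excess_caps(status_text, allowed):
    """Effective capabilities beyond an allowlist: a least-privilege check."""
    return parse_status(status_text).get("CapEff", set()) - set(allowed)


# Constructed excerpt for a web server that should only need to bind port 80.
SAMPLE_STATUS = ("Name:\thttpd\nCapInh:\t0000000000000000\n"
                 "CapPrm:\t0000000000200400\nCapEff:\t0000000000200400\n")

if __name__ == "__main__":
    print("effective:", sorted(parse_status(SAMPLE_STATUS)["CapEff"]))
    print("beyond allowlist:", sorted(excess_caps(SAMPLE_STATUS, ["CAP_NET_BIND_SERVICE"])))
```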


  1. Re:Recently become available? by jd · Score: 2, Insightful
    Patches for POSIX ACLs have existed for some time. Patches for controls in excess of POSIX have also existed for some time. Some filesystems have also supported ACLs (POSIX or their own) for some time, independently of the rest of the kernel. Linux also has very sophisticated security modules, including Linux capabilities and SELinux.

    Linux having full POSIX capabilities is good, but frankly there are getting to be too many wholly independent security mechanisms. That's not to say that a single system would be good for everyone, but rather there should be only a few fundamental mechanisms which can be skinned to look like any of the "standard" mechanisms. The skins would then replace most of the implemented mechanisms; they would merely be configuration details. This reduces the possibility of insecurity by having too many opportunities for bugs, without limiting the system admins.

    The biggest problem I see with the current system is that it isn't comprehensive. There's no easy way to provide trusted computing to memory (especially shared on the system, distributed or otherwise networked), security models generally don't work over clusters (e.g. migrating a process from one machine to another won't necessarily migrate security labels or permissions), VNIC and Infiniband cards can RDMA direct into and out of memory without reference to security models, etc. This isn't a Linux problem, per se, in most cases. It's a hardware problem. Hardware is designed to be insecure, by design, and there is nothing any OS can do about such limitations.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  2. I mastered them... by m2943 · Score: 4, Insightful

    by not using them. They are some holdover from a time when people thought that VMS was so much better than UNIX because it had so many more features.

    The first principle of security is KISS, and they violate this principle big time.

    1. Re:I mastered them... by audi100quattro · Score: 2, Insightful

      Yes they do; give me memory/stack protection over POSIX ACLs any day.