Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mastering POSIX File Capabilities

Posted by kdawson on Saturday December 22, 2007 @11:19AM from the wee-dram-of-privilege dept.

An anonymous reader passes along an IBM DeveloperWorks article on POSIX file capabilities, which have recently become available in the Linux kernel; they are expected in the mainline kernel by 2.6.24. POSIX file capabilities parcel out root user powers into smaller privileges. The article details how to program using file capabilities and how to switch on the ability of a system's setuid root binaries to use file capabilities.

1 of 80 comments (clear)

Min score:

Reason:

Sort:

I mastered them... by m2943 · 2007-12-22 22:21 · Score: 4, Insightful

by not using them. They are some holdover from a time when people thought that VMS was so much better than UNIX because it had so many more features.

The first principle of security is KISS, and they violate this principle big time.