[KLUG Members] New security tool

Adam Williams members@kalamazoolinux.org
06 Jul 2002 21:09:01 -0400


I was burrowing through PAM announcements this morning and discovered
that the capability support in the kernel is now operational.  In the
past, Linux/UNIX services (sendmail, ntp, httpd) have had to start as
root (setuid) and then shed root privileges in order to bind to a port. 
Or just run setuid to be able to modify the system clock, etc...  Very
all or nothing.  Capabilities lets the admin grant specific capabilities
to a non-privileged process: bind to port below 1024, modify system
clock, reboot system, adjust process priorities, etc....  This is a big
step forward, and in conjunction with Kerberos V one should be able to
construct an almost bulletproof system.  I personally dream of the day
when the whole concept of "superuser" has faded away.


ftp://ftp.guardian.no/pub/free/linux/capabilities/capfaq.txt
file:///usr/src/linux/include/linux/capability.h
http://freshmeat.net/projects/pam_capability/