On Tue, 2004-09-21 at 17:58, Chris Gianelloni wrote:
> On Tue, 2004-09-21 at 10:45, Paul de Vrieze wrote:
> > On Tuesday 21 September 2004 16:21, Chris Gianelloni wrote:
> > > before they could use any acl, but I believe that they should be able to
> > > enable it in the kernel without having to have USE=acl... can anyone
> > > confirm this? If not, I'll have to get some testing done on it.
> >
> > Yes, you can enable it in the kernel without. Those patches mainly make
> > coreutils, rsync and others acl aware, keeping acl's with files. You'll also
> > want to have the attr and acl packages.
>
> In that case, consider it removed from the 2004.3 cascaded profile,
> which I will be creating for x86 before too long.

Hi,

Could I suggest you include 'acl' in hardened 2004.3-stages & profiles?

running:

#emerge system -epv | grep acl

gives:

[ebuild N ] sys-apps/acl-2.2.13-r3 -debug +nls 0 kB
[ebuild N ] sys-apps/coreutils-5.2.1-r2 +acl -build -debug +nls (-selinux) -static (-uclibc) 0 kB
[ebuild N ] net-misc/rsync-2.6.0-r3 +acl -build -debug -static 0 kB
[ebuild N ] app-editors/vim-core-6.3-r2 +acl -debug +ncurses +nls (-selinux) 0 kB
[ebuild N ] app-editors/vim-6.3-r1 +acl -cscope -debug +gpm -minimal +ncurses +nls +perl +python -ruby (-selinux) -vim-with-x 0 kB

(sys-apps/acl is only 121 KB in size).

There are 5 packages, including sys-apps/acl, which use acl in the base system.
Besides this, using ACL complements grsec2 in protecting dirs and files.
Enabling ACL in the kernel for ext2/3, reiserfs, xfs completes the picture for a hardened install.
I think that ACLs are a good addition to ordinary Unix/Linux permissions.

Thanks.
Rumen