From: "Alon Bar-Lev" <alonbl@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Date: Sun, 23 Mar 2008 20:30:33 +0200
Subject: Re: [gentoo-dev] [SECURITY] Minimizing the suid usage
Message-ID: <9e0cf0bf0803231130h3710b6c3g15ce46dc46bbe6c@mail.gmail.com>
In-Reply-To: <20080323182645.76fc5c86@snowcone>

On 3/23/08, Ciaran McCreesh <ciaran.mccreesh@googlemail.com> wrote:
> On Sun, 23 Mar 2008 20:21:29 +0200
> "Alon Bar-Lev" <alonbl@gentoo.org> wrote:
> > linux-2.6.24 supports file based capabilities via:
> > CONFIG_SECURITY_FILE_CAPABILITIES
> >
> > This will provide more secured installation for users with a little
> > effort, less usage of root user.
> >
> > What do you think?
>
> Needs package manager support. Effectively this requires an EAPI bump,
> since ebuilds need to know whether they can rely upon caps being
> preserved across a merge or whether they have to degrade to a setuid
> bit.

Why?
A simple USE flag should be enough, if set use caps, if not use current.

Alon.
--
gentoo-dev@lists.gentoo.org mailing list