Re: Fedora 11: moving to posix file capabilities?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Oct 29, 2008 at 6:37 AM, Panu Matilainen
<pmatilai@xxxxxxxxxxxxxxx> wrote:
>
> Hate to interrupt the tty1 vs tty7 debate but...
>
> We have kernel support for storing capabilities on filesystem since 2.6.24
> and recent libcap, both in F9 already. I just committed file capability
> support to rpm.org HEAD, filling in the final(?) missing piece. Capability
> support is not going to be in rpm 4.6.0 but no reason they can't be pulled
> into 4.6.1 which is easily in F11 timeframe.
>
> Are we ready to start considering moving away from SUID bits to
> capabilities, in Fedora 11 maybe?

Note that from the desktop direction we've been moving the OS away
from exec-based domain transitions to message passing (e.g. PolicyKit)
for a variety of reasons.  I think it might be worth considering
introducing a rule actually in Fedora for "no new SUID/fcap binaries",
or at least they would have to pass some sort of robust review
process.

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux