[ale] Linux Capabilities (?)

Bao C. Ha baoha at sensoria.com
Fri Jan 18 19:13:38 EST 2002

> > So, my question is, basically, 2-fold:  (1) What precisely is "linux
> > capabilities"?  I've heard the name, but all I'm coming up with is "it's
> > like ACLs for Processes instead of files" which seems like it's probably a
> > little ... inaccurate at the least :/  (2) Are they "broken" in 2.4?  or is
> > bind-9.2 trying to do something that maybe used to be a workaround to a
> > broken setup that isn't broken anymore?  Or maybe they were just changed and
> > aren't broken either before or after but no longer work the same and bind
> > needs to play with the new one?
> 

Capabilities is a POSIX thingy.  Basically, it allows a process to
start with "root" privileges.  After the initialization is completed,
the process relinquishes its root privileges.  It is now more secure
since it is more difficult to compromise the system, even if the
process is broken into.

Kernel 2.4 improves and extends capabilities.  The one that may
break Bind is the change that allows the process to retain privileges
even after it has changed from root to a non-root user.

Without knowing much about what is going on, I'll say it is a Bind
problem. ;-)

Bao

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
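Added example (not from the thread or from BIND's source): the start-as-root, then drop-to-non-root-but-keep-one-capability sequence Bao describes, done with the Linux prctl(PR_SET_KEEPCAPS) and capset(2) interfaces. The "nobody" uid/gid of 65534 is an assumption; run it as root to see the switch happen.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>   /* CAP_* numbers, __user_cap_* structs, version constants */
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* A capability set is a bitmask indexed by CAP_* number; the v3 ABI stores it as two 32-bit words. */
typedef struct { unsigned word[_LINUX_CAPABILITY_U32S_3]; } capmask_t;
static capmask_t capmask_from(const int *caps, size_t n) {
    capmask_t m = {{0}};
    for (size_t i = 0; i < n; i++)
        if (caps[i] >= 0 && caps[i] < 64)               /* ignore out-of-range numbers */
            m.word[caps[i] / 32] |= 1u << (caps[i] % 32);
    return m;
}

static int capmask_has(capmask_t m, int cap) {
    return cap >= 0 && cap < 64 && ((m.word[cap / 32] >> (cap % 32)) & 1u);
}

/* Switch from root to uid/gid while keeping only `caps`, the pattern BIND 9 uses after binding
 * port 53. Must run as root; returns 0 on success, -errno on failure. */
static int drop_root_keep_caps(uid_t uid, gid_t gid, const int *caps, size_t n) {
    /* Without this flag the kernel empties the permitted set as soon as uid leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -errno;
    if (setgroups(0, NULL) != 0 || setresgid(gid, gid, gid) != 0) return -errno;
    if (setresuid(uid, uid, uid) != 0) return -errno;   /* effective set is cleared here */
    capmask_t keep = capmask_from(caps, n);
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    for (int w = 0; w < _LINUX_CAPABILITY_U32S_3; w++) {
        data[w].permitted = data[w].effective = keep.word[w];  /* re-raise only what we kept */
        data[w].inheritable = 0;
    }
    if (syscall(SYS_capset, &hdr, data) != 0) return -errno;
    prctl(PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L);             /* flag no longer needed */
    return 0;
}

int main(void) {
    int keep[] = { CAP_NET_BIND_SERVICE };              /* all a name server needs after startup */
    int rc = drop_root_keep_caps(65534, 65534, keep, 1); /* 65534: assumed "nobody" uid/gid */
    if (rc != 0) { fprintf(stderr, "drop failed: %s (run as root)\n", strerror(-rc)); return 1; }
    printf("now uid %d, keeping only CAP_NET_BIND_SERVICE\n", (int)getuid());
    return 0;
}
```

Everything not in `keep` is gone for good after the capset call; if the process is later compromised it cannot get root back, which is the whole point of the dance.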