[RndTbl] Linux capabilities vs setuid-root

Dan Keizer dan at keizer.ca
Tue Sep 15 22:58:13 CDT 2015


Dare I say it ... VMS ;-)

On Tue, Sep 15, 2015, 22:55 Adam Thompson <athompso at athompso.net> wrote:

> Lol.
> Actually, OpenBSD has removed sudo (and replaced it with doas). FreeBSD
> was an early entrant to the Capabilities game with Capsicum, which
> continues to be one of the leading platforms for it. No idea what NetBSD
> does.
> On the other hand, Solaris and AIX (at least) have had Capabilities for at
> least 15yrs while no-one else noticed. IIRC, UnixWare had them back in 1993!
> So, really, anyone who thinks this is *new* technology that Linux is
> introducing (and aren't we just so much more advanced than everyone
> else)... sorry, dead wrong.
> (Even *Windows* has had this since the early 90s.)
> -Adam
>
>
> On September 15, 2015 8:23:07 PM CDT, Trevor Cordes <trevor at tecnopolis.ca>
> wrote:
>
>> On 2015-09-09 Gilbert E. Detillieux wrote:
>>
>>>  I mentioned Linux capabilities (setcap/getcap commands) briefly
>>>  during last night's round-table session, and Trevor mentioned that he
>>>  thought that recent Fedora releases had eliminated the use of
>>>  setuid-root binaries in favour of capabilities-based binaries.
>>>  (That's the stated goal, in any case.)
>>>
>>
>> Ya, I thought it over and checked my system and it turns out I was
>> thinking about suid scripts; perl in particular.  An update or two ago
>> they got rid of suid perl completely, as in made it impossible, and I
>> had to scramble to get some things to work by using sudoers (not
>> capabilities).  I guess caps are the next Big Thing.  I'll wait until
>> they disable sudoers... (yes Adam, *BSD, grumble grumble.)
>> ------------------------------
>>
>> Roundtable mailing list
>> Roundtable at muug.mb.ca
>> http://www.muug.mb.ca/mailman/listinfo/roundtable
>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>