[RndTbl] Linux capabilities vs setuid-root

Dan Keizer dan at keizer.ca
Tue Sep 15 22:58:13 CDT 2015

Dare I say it ... VMS ;-)

On Tue, Sep 15, 2015, 22:55 Adam Thompson <athompso at athompso.net> wrote:

> Lol.
> Actually, OpenBSD has removed sudo (and replaced it with doas). FreeBSD
> was an early entrant to the Capabilities game with Capiscum, which
> continues to be one of the leading platforms for it. No idea what NetBSD
> does.
> On the other hand, Solaris and AIX (at least) have had Capabilities for at
> least 15yrs while no-one else noticed. IIRC, UnixWare had them back in 1993!
> So, really, anyone who thinks this is *new* technology that Linux is
> introducing (and aren't we just so much more advanced than everyone
> else)... sorry, dead wrong.
> (Even *Windows* has had this since the early 90s.)
> -Adam
> On September 15, 2015 8:23:07 PM CDT, Trevor Cordes <trevor at tecnopolis.ca>
> wrote:
>> On 2015-09-09 Gilbert E. Detillieux wrote:
>>>  I mentioned Linux capabilities (setcap/getcap commands) briefly
>>>  during last night's round-table session, and Trevor mentioned that he
>>>  thought that recent Fedora releases had eliminated the use of
>>>  setuid-root binaries in favour of capabilities-based binaries.
>>>  (That's the stated goal, in any case.)
>> Ya, I thought it over and checked my system and it turns out I was
>> thinking about suid scripts; perl in particular.  An update or two ago
>> they got rid of suid perl completely, as in made it impossible, and I
>> had to scramble to get some things to work by using sudoers (not
>> capabilities).  I guess caps are the next Big Thing.  I'll wait until
>> they disable sudoers... (yes Adam, *BSD, grumble grumble.)
>> ------------------------------
>> Roundtable m!
>>  ailing
>> list
>> Roundtable at muug.mb.ca
>> http://www.muug.mb.ca/mailman/listinfo/roundtable
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.mb.ca
> http://www.muug.mb.ca/mailman/listinfo/roundtable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.muug.mb.ca/pipermail/roundtable/attachments/20150916/b78ba142/attachment.html>

More information about the Roundtable mailing list