Nikos Chantziaras <realnc@×××××.com> wrote:

> > Would you call someone who shoots himself into the foot "smart"?
> >
> > Recent Linux kernels support fcaps in the filesystems and "somebody" evil, who
> > knows what he does may even set up fcaps on executable files when the related
> > support-software is not installed, just because the unstable kernel interfaces
> > are accessible from libc.
> >
> > Do you like people to be able to open security holes?
>
> You don't know what my intentions are and why I want to disable libcap.
> I have my reasons. This happens because it is actually possible to
> disable it.
|
I explained why not having libcap by default is a security risk.

You would need to explain your reasons, I currently cannot see a valid
reason to exclude a very small piece of security relevant software.

> If you really don't like that, then you should probably make libcap
> mandatory. Assume it's there, and if it's not, the user should get
> compile errors.

If you don't like my explanations, you are free to explain your reasons.
|
> But as long as it's not mandatory, I have my reasons why I would want to
> disable it, just as I have my reasons why I would want to explicitly
> enable it. What if autodetection fails? If I use the appropriate
> "enable libcap" flag, and libcap is not there, or it's broken, or
> whatever, I don't want to get a build that's now insecure. I want the
> build to abort with a big, fat error.
>
> I think you're too used to binary distros and Solaris to appreciate the
> different requirements of source-based distros :-)
|
Solaris is source based too.....

The real difference to Linux is that Solaris uses a kernel that is
auto-adjusting to the hardware and usage because it is fully dynamically loaded
and because all parameters adjust themselves to any needed value as long as there
is enough kernel memory.

Linux has a large statically linked part and in theory you may be able to
compile it without capabilities, but then you would still need to have the
userland support-code available to permit userland programs to find out whether
the current kernel includes support or not.

...it is a matter of understanding security related constraints...

Jörg
|
--
EMail:joerg@××××××××××××××××××××××××.de (home) Jörg Schilling D-13353 Berlin
js@××××××××××××.de (uni)
joerg.schilling@××××××××××××××××.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily