[GLLUG] Does anyone use Linux capabilities ?
Richard W.M. Jones
rich at annexia.org
Fri Nov 14 09:17:07 UTC 2014
On Tue, Oct 28, 2014 at 04:47:13PM +0000, Alain Williams wrote:
> Just wondering ... these have been in the kernel for getting on to 20 years. One
> of those things on my 'must get round to learning & using' list.
>
> Do any of you use them ? If so, what for ?
>
> If you do not know what I am talking about go:
>
> man capabilities
>
> man capsh
They have no particular theoretical basis, so I doubt using
capabilities makes you much more secure. See for example:
https://lwn.net/Articles/486306/
and this:
https://forums.grsecurity.net/viewtopic.php?f=7&t=2522&sid=c6fbcf62fd5d3472562540a7e608ce4e#p10271
Rich.
--
Richard Jones
Red Hat
More information about the GLLUG
mailing list