[RndTbl] Linux capabilities vs setuid-root

Adam Thompson athompso at athompso.net
Tue Sep 15 22:55:16 CDT 2015


Lol.
Actually, OpenBSD has removed sudo (and replaced it with doas).  FreeBSD was an early entrant to the Capabilities game with Capsicum, which continues to be one of the leading platforms for it.  No idea what NetBSD does.
On the other hand, Solaris and AIX (at least) have had Capabilities for at least 15yrs while no-one else noticed.  IIRC, UnixWare had them back in 1993!
So, really, anyone who thinks this is *new* technology that Linux is introducing (and aren't we just so much more advanced than everyone else)... sorry, dead wrong.
(Even *Windows* has had this since the early 90s.)
-Adam


On September 15, 2015 8:23:07 PM CDT, Trevor Cordes <trevor at tecnopolis.ca> wrote:
>On 2015-09-09 Gilbert E. Detillieux wrote:
>> I mentioned Linux capabilities (setcap/getcap commands) briefly
>> during last night's round-table session, and Trevor mentioned that he
>> thought that recent Fedora releases had eliminated the use of
>> setuid-root binaries in favour of capabilities-based binaries.
>> (That's the stated goal, in any case.)
>
>Ya, I thought it over and checked my system and it turns out I was
>thinking about suid scripts; perl in particular.  An update or two ago
>they got rid of suid perl completely, as in made it impossible, and I
>had to scramble to get some things to work by using sudoers (not
>capabilities).  I guess caps are the next Big Thing.  I'll wait until
>they disable sudoers... (yes Adam, *BSD, grumble grumble.)

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.