On Sun, Jul 23, 2006 at 03:30:58PM -0300, Sergio Belkin wrote:
> Excuse me for the 1/2 OT but I was searching the web,
> and I am surprised at the little documentation about capabilities.
a quick Google search gave those:
http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
http://www.gentoo.org/proj/en/hardened/capabilities.xml
http://www.securityfocus.com/infocus/1400
> I've read that capabilities are something not so good.
well, I don't know what you did read, but IMHO the
following statements hold some truth:
- capabilities are a good concept to break down
  super user powers into smaller chunks
- the POSIX capability system was designed to be more
  powerful than the current Linux capability
  system implementation
- giving (too many) capabilities to guests in a
  Linux-VServer system (except for the default set)
  reduces security and is in general considered a
  bad idea :)
> But, however, it seems that on vserver it works well.
yes, Linux-VServer uses the capability system to
make the guests 'secure'
> Could somebody explain to me why?
why we use it? or why it works quite fine? or what?
> Is all of this a matter of ignorance on this topic?
I don't think so :)
HTH,
Herbert
> TIA
> --
> Sergio Belkin
> Soluciones Informáticas Open Source
> Mandriva Authorized Solutions Provider
> http://www.escritorioya.com.ar (011) 4788-8605 // Cel. 15-5494-5143
> ----------------------------------------
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Jul 26 15:53:26 2006
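
Added example, not part of the original message and not Linux-VServer code: one way to audit the point made above about granting extra capabilities, by decoding the Cap* masks from /proc/<pid>/status and listing whatever goes beyond a baseline. The baseline set and the sample status text are constructed for illustration (the baseline is not Linux-VServer's actual default set); bit names follow the kernel's linux/capability.h.

```python
import re

# Bit positions follow the kernel's <linux/capability.h> (bit 0 = CAP_CHOWN).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Hypothetical baseline for illustration only; NOT Linux-VServer's default set.
BASELINE = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_KILL",
            "CAP_SETGID", "CAP_SETUID", "CAP_NET_BIND_SERVICE"}

# Constructed sample of the capability lines found in /proc/<pid>/status.
SAMPLE_STATUS = """Name:\tsshd
CapInh:\t0000000000000000
CapPrm:\t00000000002014eb
CapEff:\t00000000002014eb
CapBnd:\t00000000002014eb
"""

def parse_status(text):
    """Return {'CapInh': int, 'CapPrm': int, ...} from /proc/<pid>/status text."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", text, re.M)}

def decode(mask):
    """Turn a capability bitmask into names, lowest bit first."""
    names = []
    bit = 0
    while mask >> bit:
        if mask >> bit & 1:
            # Bits newer than this table are reported by number.
            names.append("CAP_" + CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names

def extra_caps(mask, baseline=BASELINE):
    """Capabilities present in mask that the baseline does not allow."""
    return [name for name in decode(mask) if name not in baseline]

if __name__ == "__main__":
    for field, mask in parse_status(SAMPLE_STATUS).items():
        print(f"{field}: beyond baseline -> {extra_caps(mask) or 'none'}")
```

To check a live process, pass the contents of /proc/<pid>/status to parse_status() instead of the constructed sample.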