On Fri, 19 Jul 2002, Greg KH wrote:
>
> It includes the default capabilities module, which should
> be selected in the kernel configuration if you want to keep the existing
> "normal Linux" capabilities mode.

Greg,
 may I suggest one more changeset that sets

	define_bool CONFIG_SECURITY_CAPABILITIES y

and thus people would have to explicitly disable it by editing the config.in files to not get the capabilities we already expect..

In particular, for all I know there may be programs like sendfile that depend on capabilities today, and while they may abort gracefully without them, I do absolutely _not_ want to be in the situation where people can, by mistake, end up in a situation where they think they are secure, but their programs depend on security that they have disabled.

Alternatively, just explain to me why this is a non-issue. I looked at the patches, but without delving into them much more deeply I just don't have the background.

[ Side note: I've pulled the thing into my tree, I just don't want to push it out to anybody else again before this has been clarified to me .. ]

		Linus