On Sun, Jul 23, 2006 at 03:30:58PM -0300, Sergio Belkin wrote:
> Excuse me for the 1/2 OT but I was searching on the web,
> and I am surprised at the little documentation about capabilities.

a quick google search gave those:

http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
http://www.gentoo.org/proj/en/hardened/capabilities.xml
http://www.securityfocus.com/infocus/1400

> I've read that capabilities is something not so good.

well, I don't know what you did read, but IMHO the following
statements hold some truth:

 - capabilities are a good concept to break down super user
   powers into smaller chunks

 - the posix capability system was designed to be more powerful
   than the current linux capability system implementation

 - giving (too many) capabilities to guests in a Linux-VServer
   system (except for the default set) reduces security and
   is in general considered a bad idea :)

> But, however, it seems that on vserver it works well.

yes, Linux-VServer uses the capability system to make
the guests 'secure'

> Could somebody explain to me why?

why we use it? or why it works quite fine? or what?

> Is all of this a matter of ignorance on this topic?

I don't think so :)

HTH,
Herbert

> TIA
> --
> Sergio Belkin
> Soluciones Informáticas Open Source
> Mandriva Authorized Solutions Provider
> http://www.escritorioya.com.ar (011) 4788-8605 // Cel. 15-5494-5143
> ----------------------------------------
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
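
The "smaller chunks" and "too many capabilities" points in the reply above can be checked on a running system. The following is an added example, not part of the original message and not Linux-VServer code: it decodes the capability masks found in /proc/<pid>/status and lists what exceeds an allow-list. The allow-list and the sample status text are assumptions made up for this example; the allow-list is not the Linux-VServer default set.

```python
"""Decode Linux capability masks and report capabilities beyond an allow-list."""

# Bit numbers as defined in <linux/capability.h>, bits 0..31.
# A set bit without a name in this table is reported as CAP_<n>.
CAP_NAMES = (
    "CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID "
    "CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE "
    "CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW "
    "CAP_IPC_LOCK CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT "
    "CAP_SYS_PTRACE CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE "
    "CAP_SYS_RESOURCE CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE "
    "CAP_AUDIT_WRITE CAP_AUDIT_CONTROL CAP_SETFCAP"
).split()

# Hypothetical allow-list for this example only; NOT the Linux-VServer default set.
ALLOWED = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_KILL",
           "CAP_SETGID", "CAP_SETUID", "CAP_NET_BIND_SERVICE"}

# Constructed sample in the layout of /proc/<pid>/status (not from a real host).
SAMPLE_STATUS = """\
Name:\tdaemon
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t00000000002004ab
CapEff:\t00000000002004ab
"""

def decode_mask(hex_mask):
    """Return the names of all capabilities set in a hexadecimal mask."""
    mask = int(hex_mask, 16)
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else "CAP_%d" % b
            for b in range(mask.bit_length()) if mask >> b & 1]

def parse_status(text):
    """Map each Cap* field of a status file to its decoded capability names."""
    sets = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            sets[key] = decode_mask(value.strip())
    return sets

def excess_caps(text, field="CapEff", allowed=ALLOWED):
    """Capabilities present in the given set but missing from the allow-list."""
    return [c for c in parse_status(text).get(field, []) if c not in allowed]

if __name__ == "__main__":
    print("effective:", parse_status(SAMPLE_STATUS)["CapEff"])
    print("beyond allow-list:", excess_caps(SAMPLE_STATUS))
```

To check a live process, pass the contents of /proc/<pid>/status to excess_caps() in place of SAMPLE_STATUS.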