Re: Filesystem Capabilities in 2.6?

Bernd Eckenfels (ecki@lina.inka.de)
Sun, 3 Nov 2002 17:40:43 +0100


On Sun, Nov 03, 2002 at 05:30:16PM +0100, Ragnar Kjørstad wrote:
> Unfortenately it will be much harder to find all executables with
> increased capabilities on your system.

Depends if you insert the capabilities/checksum into single files all over
your file system or in a central /etc/capabilities.conf file. The later is a
bit like other security linux distributions and has clearly the advantage of
beeing more obvious.

The scheme could be extended for non capability related integrity checking.
For exampel all root programs need to be listed there with checksums or
someting like that.

Greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/