[systemd-devel] SD_BUS_VTABLE_CAPABILITY
Andy Lutomirski
luto at amacapital.net
Mon Apr 20 08:08:28 PDT 2015
On Apr 20, 2015 7:57 AM, "Lennart Poettering" <lennart at poettering.net>
wrote:
>
> On Fri, 17.04.15 09:14, Andy Lutomirski (luto at amacapital.net) wrote:
>
> > My point here is that there's no real shortage of downsides to this
> > scheme, and there still appears to be little to no benefit.
>
> Well, let's turn this around. You seem to really dislike caps. And you
> vaguely claim security holes, which we have shown know don't
> exist. So, now, can you clearly explain why precisely you dislike them
> so much still? And something more technical then "systemd shouldn't
> use them" or "i don't like them", or "they should only be used in the
> kernel", because these are not technical reasons, they are just claims
> of personal taste.
>
> I will grant you that they aren't particularly expressive, and I will
> grant you that one day there might be better concepts. But that's not
> a strong reason not to support them really, that's just a reason to
> later add support for something better.
Technical reasons:
1. They can't be usefully delegated to a namespace.
2. The set of caps that exist is controlled by the kernel, whereas the set
of dbus methods is large and controlled by userspace. Caps can't scale to
accommodate flexble userspace policies.
3. They don't appear to add value, and avoiding unnecessary complexity is
good.
4. They suck. This is a technical issue -- the kernel doesn't allow
flexible assignments of caps to processes. This is a problem for kernel
API users and it will be a problem for you.
--Andy
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150420/684036bb/attachment.html>
More information about the systemd-devel
mailing list