RFC: capability to limit/allow access to various system info

[Casey Schaufler]

Marek Habersack wrote:


> ... I thought it would be good to have a capability,
> say CAP_SYS_INFO, that would allow access to some system
>information (right now only quotas and resource limits come to my mind) > for non UID0 processes.
> I think adding such thing to the kernel wouldn't be too hard, only a
> question remains whether it makes sense or not?

Capability granularity is a touchy issue. What you're proposing is
having seperate capabilities for READ and WRITE access to a set
of information. The first question to ask is why reading the
information requires privilege in the first place. It could just be
that the original implementer was lazy (happens in Unix all the time)
and couldn't see any reason for unprivileged users to look at it.
If that's the case, the Right Thing(tm) to do is allow reasonable
access (e.g. maybe just the user's own information) to everyone.
If there's some reason why the information shouldn't be available
and there are reasonable cases where you'd want to look but not
touch a seperate capability might be in order.

Be wary of adding capabilities. One vendor decided to use seperate
capabilities for each possible thing and ended up with 330!

-- 

Casey Schaufler                         voice: (650) 933-1634
casey en sgi.com                           fax:   (650) 933-0170

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo en vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/