Originally Published: Wednesday, 20 October 1999 Author: Jim Hewlett

Linux Capabilities
By Jim Hewlett
October 20 - 26


There will be undiscovered holes in software, and we want to minimize the impact a breach in a daemon or service will have on your machine. This idea of hardening your system is what this article focuses on. Traditional Unix has the root user, which can do anything: read, write, whatever. You know the drill. Obviously this is a problem if your machine is cracked: the attacker now has control over your machine. Let's say, for example, your car breaks down and you have to take it in to the local garage to have it fixed. You would give the mechanic only the keys to your car. It would be silly to also give the mechanic the keys to your house, mailbox, job, or whatever else. Traditional root user, exit stage left; Linux Capabilities, enter stage right.