[cap-talk] POSIX capabilities and standard Posix ambient authority.
Rob J Meijer
rmeijer at xs4all.nl
Fri Oct 20 14:46:25 CDT 2006
With a.a. the newer Linux kernels implementing the new 'at' set of proposed POSIX calls, and with the ptrace pains concerned with trying to do POLA on POSIX systems, maybe now would be a good time to see if POSIX capabilities combined with the 'at' set of syscalls could not be extended in a way to facilitate efficient and useful mechanisms.
I know that (mostly due to the misusage of the term) POSIX/Linux capabilities have kind of a negative reputation here, but I feel that if we would invest some time in them in order to make POSIX systems that now implement the 'at' extensions usable.
Although commonly only 'privileged' (that is, traditionally superuser) calls are defined with POSIX capabilities, would there really be a problem trying to propose a 'single' POSIX capability to hold 'all' POSIX interfaces that imply ambient authority?
Do you guys think it viable to try to together write a proposal (and if possible implement it as a patchset for Linux) that defines CAP_AMBIENT_AUTHORITY as a POSIX capability, defining all the syscalls and possibly syscall/attribute combinations that are covered by this?
I would be very interested to know how you guys feel about this.
Rob J Meijer
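To make the ambient-authority point in the post concrete, an added example (not from the post, the list, or the kernel): openat() still honours an absolute path no matter which directory fd it is given, so the fd alone does not confine the caller; the helper names path_is_confined and confined_openat are hypothetical, and the wrapper is a user-space stand-in for the kernel-level restriction the post proposes.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Lexical check: may `path` be handed to openat(dirfd, ...) without the call
 * reaching outside the directory that dirfd designates? An absolute path makes
 * openat ignore dirfd entirely (ambient authority); ".." walks back up out of it. */
int path_is_confined(const char *path)
{
    if (path == NULL || path[0] == '\0' || path[0] == '/')
        return 0;
    for (const char *p = path; *p != '\0'; ) {
        const char *seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        if (p - seg == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;
        while (*p == '/')
            p++;
    }
    return 1;
}

/* openat() wrapper that treats dirfd as the caller's only authority: a path that
 * would escape the directory is refused with EACCES before the kernel sees it. */
int confined_openat(int dirfd, const char *path, int flags)
{
    if (!path_is_confined(path)) {
        errno = EACCES;
        return -1;
    }
    return openat(dirfd, path, flags);
}

int main(void)
{
    int dirfd = open(".", O_RDONLY | O_DIRECTORY);
    if (dirfd < 0) { perror("open"); return 1; }
    /* Plain openat honours the absolute path: the root directory opens. */
    int escaped = openat(dirfd, "/", O_RDONLY | O_DIRECTORY);
    /* The wrapper refuses the same request. */
    int refused = confined_openat(dirfd, "/", O_RDONLY | O_DIRECTORY);
    printf("openat -> %d, confined_openat -> %d (errno %d)\n", escaped, refused, errno);
    if (escaped >= 0) close(escaped);
    close(dirfd);
    return 0;
}
```

Only the lexical escapes are caught here: a symbolic link inside the directory can still lead outside it, which is the kind of gap a kernel-enforced capability would have to close.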