The meaning of Posix.1e

After Unix software had been plagued by security holes during the 1990ies, there was a discussion how to define and implement standardized security mechanisms. Almost fifteen years have passed since. Open the Linux man page 'capabilities' and you'll see the result of the discussion, though it's not a general answer.

The challenge was to follow a standard in order to assure portability within POSIX conformant systems. Such a standard was Posix.1e. It was abandoned and only available to Posix members. Courtesy to the IEEE and with the help of Casey Schaufler, the former technical editor of the standards, I obtained permission for limited public distribution in June 1999.

Why Posix.1e was abandoned is difficult to understand from today's (July 2014) point of view. Solaris, Irix, Linux, and probably other Unices seemed to recognize the standard. On the other hand the FreeBSD project found counter arguments and didn't integrate capabilities ('fine grained privileges') by default.

To leave no room for misunderstandings, the download page is separate from my private rantings.