Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

From: Pavel Machek (
Date: Sun Jun 18 2000 - 09:18:06 EST


> >It is certainly not less secure than regular setuid: by analogy, you
> >can have non-readable setuid program. And how do you know what
> >capabilities it will use?
> If it is setuid it will use any/all privileges given the uid.

No. That program could have priviledge dropping code at beggining of
main, and thus use only subset. It also could have elfcap header,
which is equivalent.

> >Okay, shell we agree that this is not worse than current situation?
> I Never ment that it was worse. I just see it as limiting future development,
> both of capabilities and the executable format.



The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at

This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:15 EST