> >It is certainly not less secure than regular setuid: by analogy, you
> >can have non-readable setuid program. And how do you know what
> >capabilities it will use?
> If it is setuid it will use any/all privileges given the uid.
No. That program could have priviledge dropping code at beggining of
main, and thus use only subset. It also could have elfcap header,
which is equivalent.
> >Okay, shell we agree that this is not worse than current situation?
> I Never ment that it was worse. I just see it as limiting future development,
> both of capabilities and the executable format.
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to email@example.com Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:15 EST