Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

• Next message: Mike Galbraith: "Re: loop device deadlocks"
• Previous message: Jeff Garzik: "Re: 2.4.0-test1-ac15, 2.2.14: hwclock hangs on /dev/rtc"
• In reply to: Jesse Pollard: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Next in thread: Albert D. Cahalan: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> >It is certainly not less secure than regular setuid: by analogy, you
> >can have non-readable setuid program. And how do you know what
> >capabilities it will use?
>
> If it is setuid it will use any/all privileges given the uid.

No. That program could have priviledge dropping code at beggining of
main, and thus use only subset. It also could have elfcap header,
which is equivalent.

> >Okay, shell we agree that this is not worse than current situation?
>
> I Never ment that it was worse. I just see it as limiting future development,
> both of capabilities and the executable format.

Hooray!

                                                                Pavel

-- 
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Mike Galbraith: "Re: loop device deadlocks"
• Previous message: Jeff Garzik: "Re: 2.4.0-test1-ac15, 2.2.14: hwclock hangs on /dev/rtc"
• In reply to: Jesse Pollard: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Next in thread: Albert D. Cahalan: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:15 EST