The unix model for a long time has been that
the user has a set of rights W
the mount takes away a subset X
the file systems adds a subset Y
the binary drops a subset Z
So this is quite consistent - as its being able to do
mount /dev/hda /home -odrop_capabilities=raw_socket,setfsuid,...
So it seems to follow quite logically with what we have now. Right at the
moment a setuid binary basically gets to be setuid, not setuid and thats
about it. Now it can be granular
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu