Re: [PATCH] Capabilities, this time in elf section

Ernest JW ter Kuile (terkuile@KVI.nl)
Fri, 09 Apr 1999 18:42:58 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ravi Wijayaratne: "Online Kernel Debuggers"
Previous message: Orlando Andico: "CPU affinity"
Maybe in reply to: Pavel Machek: "[PATCH] Capabilities, this time in elf section"
Next in thread: Ernest JW ter Kuile: "Re: [PATCH] Capabilities, this time in elf section"

Ingo Molnar wrote:
>
> being able to set the setuid root bit is [should be?] a capability itself,
> root does not ...
>

no it isn't !

that bit isn't a setuid *root* bit at all if the owner of the file isn't
root.
anybody should still be able to set that bit if he want. the capability
you mean is the chown/grp capability.

*don't* change the meaning of the setuid bit please.

you can however remove root if there is somwhere a database of personal
capabilities per user (ala passwd, shadow, etc...), then by setting
setuid to
any user, a binary could get a subset (or all) of *that* users
capabilities and no more.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ravi Wijayaratne: "Online Kernel Debuggers"
Previous message: Orlando Andico: "CPU affinity"
Maybe in reply to: Pavel Machek: "[PATCH] Capabilities, this time in elf section"
Next in thread: Ernest JW ter Kuile: "Re: [PATCH] Capabilities, this time in elf section"