i believe that one of the points of capabilities is that once you've dropped
something, you can't take it back. i.e. you can't gain a root bash shell
because you broke thru a hole.
> Doesn't anyone believe in the principle of least astonishment? :-(
certainly. if you don't want astonished, don't jump through hoops to become
that user. use an initial login.
if you set userlimits on username joe then switch users to jack, you are
still underneath the limits imposed on joe. if joe isn't allowed to have X
resources, then he can't cheat by switching to jack's account.
in order to gain more resources, you must gain root privileges to extend
them. by denying users the magic money-from-nothing, you're making the
system a little more secure.
-d
-- This is Linux Country. On a quiet night, you can hear Windows NT reboot! Do you remember how to -think- ? Do you remember how to experiment? Linux __ is an operating system that brings back the fun and adventure in computing. \/ for linux-kernel: please read linux/Documentation/* before posting problems
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/