> From: G. Sumner Hayes <sjhalpar@yahoo.com>
> Subject: Re: caps in elf, next itteration (the hack get's bigger)
>
> Richard Gooch writes:
> > I don't see the problem. A suid-root binary is immutable for everyone
> > but root. Only root can grant capabilities.
>
> No. Wrong.
>
> It's statements like this that are frustrating to people who want a
> real capabilities-based system. On a capabilities-based system, there
> is no root. UID 0 may not be an administrative account; it may be
> just another user. That's unlikely to happen in the near-term with so
> many assumptions out there about UID 0, but it is an eventual goal of
> a capabilities based system. Any design that automatically gives
Looks like a -really- stupid idea to assign a normal user to UID 0 - just
to big a security hole with all those legacy programs floating around. Use
it for something special, like no user or something else instead. 0 IS a
special number, which can be easily tested against (if (!number) .. - I
know this is bad C, but you get my point...)
Chipzz AKA
Jan Van Buggenhout
--------------------------------------------------------------------------
UNIX isn't dead - It just smells funny
Xp@Ace.ULYSSIS.Student.KULeuven.Ac.Be
--------------------------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/