> Here, allow me to give you some much better examples to think about:
>
> Many, MANY system services aren't run setuid root in the first place,
> because they are RUN by ROOT.
>
> your broken ass system:
>
> -rwsr-xr-x 1 root root 28240 Mar 24 23:55 portmap*
>
> Cool, we've modified portmap and crippled it's capabilities! Now, every
> binary that was formerly just _run_ by root is now setuid root! Sound
> good?
No! Why do you want to do it? If you only want to turn down
capabilities, put "loose_capabilities_please()" at first line of
main(). Or just add capabilities header but no marker - there is no
need for marker in this place.
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/