Re: suid GUI apps

From: Chris Evans (chris@ferret.lmh.ox.ac.uk)
Date: Fri May 19 2000 - 09:14:41 EST


On Fri, 19 May 2000, Alan Cox wrote:

> > >the X11 interface unprivileged - after all it is just display not real time
> > >tied. When you get to video playback you get X and stuff involved and it
> > >does get harder.
> >
> > What do I start reading to catch up on capabilities ?
>
> include/linux/capability.h
>
> The root powers are divided up into about 25 subsets, so an suid program
> can start by dropping all but those it needs. They don't always line up ideally
> with needs but more work can be done there in 2.5

25 subsets which are distinctly non-orthogonal :-( Without a lot of work,
quite a few can be used to gain some or all of the others, e.g.
CAP_MODULE, CAP_SYS_RAWIO, CAP_DAC_OVERRIDE, CAP_SETUID

Chris
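
Added example, not part of the original message or of the kernel source: a sketch of the "drop all but those it needs" step for an suid program, which refuses a keep-set containing any of the four capabilities named above as usable to gain the others. It assumes the current `capget`/`capset` interface (64-bit sets, header version 3, newer than this thread); `CAP_SYS_MODULE` is the header's name for what the message calls CAP_MODULE, and `escalating_caps`, `drop_to` and `BIT` are hypothetical names.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#define BIT(c) (1ULL << (c))

/* The capabilities the message lists as a route to some or all of the rest. */
static const uint64_t ESCALATING =
    BIT(CAP_SYS_MODULE) | BIT(CAP_SYS_RAWIO) | BIT(CAP_DAC_OVERRIDE) | BIT(CAP_SETUID);

/* Return the part of a proposed keep-set that undoes the benefit of dropping. */
uint64_t escalating_caps(uint64_t keep) { return keep & ESCALATING; }

/* Shrink permitted and effective to (current & keep) and clear inheritable.
 * Returns 0 on success, -1 if a syscall fails, -2 if keep is root-equivalent. */
int drop_to(uint64_t keep)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (escalating_caps(keep))
        return -2;                      /* refuse before touching anything */
    if (syscall(SYS_capget, &hdr, d) != 0)
        return -1;
    for (int i = 0; i < 2; i++) {       /* two 32-bit words per set */
        uint32_t k = (uint32_t)(keep >> (32 * i));
        d[i].permitted &= k;            /* only ever removes bits */
        d[i].effective &= k;
        d[i].inheritable = 0;
    }
    return syscall(SYS_capset, &hdr, d) == 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed keep-sets: one narrow, one that includes CAP_SYS_RAWIO. */
    printf("bind only:    %d\n", drop_to(BIT(CAP_NET_BIND_SERVICE)));
    printf("bind + rawio: %d\n",
           drop_to(BIT(CAP_NET_BIND_SERVICE) | BIT(CAP_SYS_RAWIO)));
    return 0;
}
```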
