Re: PATCH: signals security

Rik van Riel (H.H.vanRiel@phys.uu.nl)
Fri, 22 May 1998 12:01:13 +0200 (MET DST)


On Fri, 22 May 1998, Alexander Kjeldaas wrote:

> > Exporting it in /proc probably _is_ a good idea.
> > You can just disallow access to other users and
> > return zero when p->euid!=p->uid.
>
> Exporting cap_used is a good idea. I still don't think exporting
> cap_dirty is a good idea since you have to know that none of the bits
> in cap_dirty were tainted in a process whose euid!=current->euid.

We should probably make the cap_dirty only readable to
someone with uid=p->euid or uid=0. My idea about not
exporting the cap_dirty on a uid change was a really
bad one, now that I think about it some more :)

Rik.
+-------------------------------------------+--------------------------+
| Linux: - LinuxHQ MM-patches page | Scouting webmaster |
| - kswapd ask-him & complain-to guy | Vries cubscout leader |
| http://www.phys.uu.nl/~riel/ | <H.H.vanRiel@phys.uu.nl> |
+-------------------------------------------+--------------------------+

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu