Re: Stack Smashing and no-exec

H. Peter Anvin (hpa@transmeta.com)
Fri, 7 Aug 1998 18:45:31 -0700 (PDT)


> > of things are setuid root so they can bind a reserved port, for
> > example. I'll be a lot happier when I can run named as a normal user!
>                                                            ^^^^^^^^^^^
>
> Would this be done, or would you have a user that has the
> additional priv of being able to bind to that specific port? That is,
> would capabilities be bound to a specific user like group membership is
> now? Or would capabilities be bound to a group instead? Also, how would
> these capabilities be defined? Would there be categories and/or any sort
> of hierarchy to subcategorize the set of all possible capabilities, or
> would it just be one long list of stuff, each capability standing alone?

No, capabilities as done so far are more like "partial-roots"; they
are per-process, and you can either drop them or run a "set-cap"
program, as far as I understand.

-hpa

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html
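
Added example, not part of the original message and not code from the 1998 kernel: the "per-process, and you can drop them" model from the reply, shown with the capget(2)/capset(2) system calls of current Linux. The helper names `has_effective` and `drop_all_but` are illustrative, and keeping only CAP_NET_BIND_SERVICE is an assumption based on the named example in the quoted text.

```c
#include <linux/capability.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read the calling process's capability sets (pid 0 = self). */
static int cap_read(struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3])
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capget, &h, d);
}

/* 1 if cap is in the effective set, 0 if not, -1 on error. */
int has_effective(int cap)
{
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    if (cap_read(d) != 0)
        return -1;
    return (int)((d[cap / 32].effective >> (cap % 32)) & 1u);
}

/* Drop every capability except keep_cap. keep_cap survives only if the
 * process already holds it: capset() can shrink the sets, never grow them. */
int drop_all_but(int keep_cap)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    if (cap_read(d) != 0)
        return -1;
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++) {
        unsigned mask = (i == keep_cap / 32) ? 1u << (keep_cap % 32) : 0u;
        d[i].permitted &= mask;   /* giving up permitted bits is irreversible */
        d[i].effective &= mask;   /* effective must stay within permitted */
        d[i].inheritable = 0;     /* pass nothing on through execve() */
    }
    return (int)syscall(SYS_capset, &h, d);
}

int main(void)
{
    printf("before: net_bind=%d sys_admin=%d\n",
           has_effective(CAP_NET_BIND_SERVICE), has_effective(CAP_SYS_ADMIN));
    if (drop_all_but(CAP_NET_BIND_SERVICE) != 0) {
        perror("capset");
        return 1;
    }
    printf("after:  net_bind=%d sys_admin=%d\n",
           has_effective(CAP_NET_BIND_SERVICE), has_effective(CAP_SYS_ADMIN));
    return 0;
}
```

The drop affects only the calling process; a process that keeps UID 0 regains capabilities on its next execve() unless it also changes UID or sets the relevant securebits.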