Re: [patch included] Re: using capabilities to allow debug of su

Andrew Morgan (morgan@transmeta.com)
Sat, 17 Apr 1999 14:54:33 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Theodore Y. Ts'o: "Re: inheritable set [was Re: caps in elf headers: use the sticky bit!]"
Previous message: Ingo Molnar: "Re: SMP race in page IO list"

OK ok..

Jeremy Fitzhardinge wrote:
>
> On 17-Apr-99 Andrew Morgan wrote:
> > I'm crossing my fingers that one does what I meant you to try. (The key
> > is that root can only remove files that root owns unless it has the
> > capability to do more.) In other words, root in this case should not be
> > able to remove luser's file. In your examples, root always owns the
> > file, so necessarily, it is able to manipulate them.
>
> When unlinking, it normally doesn't matter who owns a file or what its
> permissions are: it's the directory permissions which matter (ignoring +t
> dirs). Are you talking about modifying the semantics of unlink, or should you
> be using "open for writing" as the operation in your example?
>
> J

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Theodore Y. Ts'o: "Re: inheritable set [was Re: caps in elf headers: use the sticky bit!]"
Previous message: Ingo Molnar: "Re: SMP race in page IO list"