Capabilities - call for help

Pavel Machek (pavel@bug.ucw.cz)
Sun, 2 May 1999 23:58:53 +0200


Hi!

Capabilities are nice thing to have, but for any capability model to
work, it needs to be known which program needs what capabilities.

For example - sendmail is currently setuid root. I do not like it, but
there's no easy way to find out what capabilities sendmail really
needs.

Documenting requirements for every critical program (critical = setuid
| system daemon) is lot of work, but it needs to be done. It would be
nice if distribution creators added notices "which privileges are
needed" into program manuals. Other posibility is to create central
repository for such information.

Pavel

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/