> That by definition isn't a privilege. If the file is writable by
> that user, then the privilege for DAC write permission override
> isn't needed to write it. However, the uid check should be short
> circuited by the check DAC write permission override.
> I would believe that eventually you would want to convert all uid 0
> checks in the kernel to capabilities checks. Then if you've
> compiled the kernel with out capabilities enabled, you'd dummy up
> the effective, permitted and inheritable sets for all uid 0
> processes to have ALL privileges in it, and all other normal users
> have NONE in their process capability sets. If it is enabled then
> you perform the normal capabilities calculations whenever a process
> is exec()'ed. Is this the plan Linus?
The above is generally what is happening in 2.2 - there are no checks
for uid==0. In addition to the above, there is some capabilities
conversions during set*id from/to uid 0.
astor
-- Alexander Kjeldaas, Fast Search & Transfer, Trondheim, Norway- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/