The problem with this is, that the current capabilities only address
super-user featues. A non-root user has no caps to drop.
I think I read on the linux-audit list something about CAP_USER priveledges
whcih can be dropped (accept, fork, exec jumps to mind).
Greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/