Re: Capabilities done right...

Bernd Eckenfels (ecki@lina.inka.de)
Fri, 21 May 1999 02:09:45 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pavel Machek: "Re: host (multibus) failover"
Previous message: Wolfram Kleff: "[Patch] bugfix for Atari partition format, ISO fs"
Maybe in reply to: John Wojtowicz: "Capabilities done right..."

In article <199905182018.QAA02859@dagwood.CS.YALE.EDU> you wrote:
> I think there may be a large need for something like this, not just for
> setuid-root programs, but so that ordinary users can run untrusted
> programs off the net without putting their own data at risk.

The problem with this is, that the current capabilities only address
super-user featues. A non-root user has no caps to drop.

I think I read on the linux-audit list something about CAP_USER priveledges
whcih can be dropped (accept, fork, exec jumps to mind).

Greetings
Bernd

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: host (multibus) failover"
Previous message: Wolfram Kleff: "[Patch] bugfix for Atari partition format, ISO fs"
Maybe in reply to: John Wojtowicz: "Capabilities done right..."