On Thu, 9 May 2002, Rusty Russell wrote:
>
> This changes CLONE_PID ("if my pid is 0, copy it") to CLONE_IDLETASK
> ("if I have CAP_SYS_MODULE, set child's pid to zero").
The "CAP_SYS_MODULE" thing needs to change, I think.
We simply cannot allow user-space to do this AT ALL, even root by mistake.
Sure, root can do other damage, but we should never allow root to do
things that simply cannot make sense from an internal consistency
standpoint.
Suggested approach:
- remove the CAP_SYS_MODULE etc checking altogether
- make sys_clone() just always mask that bit off.
Ok?
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue May 14 2002 - 12:00:11 EST