Re: [PATCH] capabilites, take 2

From: Olaf Dietsche
Date: Fri May 14 2004 - 01:40:24 EST

Next message: Tim Schmielau: "Re: [rft] testing BSD accounting format on different archs"
Previous message: Troy Benjegerdes: "Re: 9/10 intermezzos prefer eating memory"
In reply to: Chris Wright: "Re: [PATCH] capabilites, take 2"
Next in thread: Andy Lutomirski: "[PATCH] capabilities, take 3 (Re: [PATCH] capabilites, take 2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andy Lutomirski <luto@xxxxxxxxxxxxx> writes:

> I'm not convinced that Posix's version makes any sense. Also, there are
> apparently a number of drafts around which disagree on what the right
> rules are. (My copy, for example, matches the old rules exactly, but
> the old rules caused the sendmail problem.)

Don't confuse POSIX _semantics_ with implementation _bugs_.

> And, under Posix, what does
> the inheritable mask mean, anyway?
>
> Also, I don't find the posix rules to be useful (why is there an
> inheritable mask if all it does is to cause caps to be dropped on
> exec, when the user could just manually drop them?).

You can use the inheritable set, if you want to give capabilities to a
process when it's started by an already priviledged parent (e.g. a
root process), but not when it's started by a regular user.

See <http://www.olafdietsche.de/linux/capability/> for an example.

Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tim Schmielau: "Re: [rft] testing BSD accounting format on different archs"
Previous message: Troy Benjegerdes: "Re: 9/10 intermezzos prefer eating memory"
In reply to: Chris Wright: "Re: [PATCH] capabilites, take 2"
Next in thread: Andy Lutomirski: "[PATCH] capabilities, take 3 (Re: [PATCH] capabilites, take 2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]