Re: [PATCH] capabilities not inherited

[Manfred Georg]

On Wed, 8 Jun 2005, Alexander Nyberg wrote:

> ons 2005-06-08 klockan 15:27 -0500 skrev Manfred Georg:
> > I was working with passing capabilities through an exec and it
> > didn't do what I expected it to.  That is, if I set a bit in
> > the inherited capabilities, it is not "inherited" after an
> > exec().  After going through the code many times, and still not
> > understanding it, I hacked together this patch.  It probably
> > has unforseen side effects and there was probably some
> > reason it was not done in the first place.
>
> Please read the thread at
> http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/1571.html
>
> Basically it says that because a broken interface was accepted from the
> beginning it can't be changed due to the security aspect.

Ok, that's what I figured, however, there seems to be some framework
for configuring different security modules.  Why isn't there one
that enables the non-broken interface?  feature creep?

> The whole thing sucks, sorry.
yep. :(
Especially since the current functionality doesn't make the
system any more secure.

Manfred
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/