Ok, I agree completely with this; I don't see any good use for fE, it
really doesn't enhance security; if someone can explain to me why it
might, I'd be interested (Ted?)
fE is the rough equivalent of the setuid bit, except it's broken out by
capabilities. You still need it, because a non-privileged user may need
to execute a binary which has some privileges, but which does its own
access controls and authorization checks before doing some privileged
operation on behalf of the user. So fE is still absolutely needed.
Most of the programs which are setuid root today would have some kind of
non-zero fE mask.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/