On 16 Apr 1999 11:52:11 +0200, Christian von Roques
<roques@scalar.pond.sub.org> said:
> Just a thought,
> "Stephen C. Tweedie" <sct@redhat.com> writes:
>> It is much more than that: it is to prevent privileges leaking, so
>> that bugs in these daemons do not compromise the security of other
>> parts of the OS.
> Therefore there should be a privilege to exec(2), if there isn't
> already, which most daemons should deny themselves.
No, that's not necessary. The trick is that exec()ing a new process
doesn't automatically transfer the current process's privileges to the
new program. In a capabilities model, the exec() drops all currently
held privileges unless the new program is specifically marked to be able
to inherit certain privileges.
--Stephen
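As an added illustration (not part of the thread), the rule Stephen describes can be written out as the capability arithmetic Linux later specified in capabilities(7) for execve(): without file capabilities the new program's permitted set is empty whatever the caller held. The daemon and file sets below are constructed; the CAP_* bit numbers match linux/capability.h, and the root/set-UID special cases are left out.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Capability bit numbers as defined in linux/capability.h */
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_ADMIN        21
#define CAP_MASK(c) ((uint64_t)1 << (c))

/* Per-process capability sets, one bit per capability */
struct proc_caps { uint64_t permitted, effective, inheritable, bounding, ambient; };

/* File capability sets attached to an executable (all zero = unmarked file) */
struct file_caps { uint64_t permitted, inheritable; bool effective; };

/* Sets held after a successful execve(), per the rules in capabilities(7).
 * Nothing flows from the old permitted/effective sets: only what the file
 * is marked to inherit or to carry itself survives the exec. */
struct proc_caps exec_caps(struct proc_caps p, struct file_caps f)
{
    struct proc_caps n;
    bool privileged = (f.permitted | f.inheritable) != 0; /* file carries caps */
    n.ambient     = privileged ? 0 : p.ambient;
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | n.ambient;
    n.effective   = f.effective ? n.permitted : n.ambient;
    n.inheritable = p.inheritable;
    n.bounding    = p.bounding;
    return n;
}

/* Constructed example daemon: two caps held, only net-bind marked inheritable */
static struct proc_caps example_daemon(void)
{
    uint64_t held = CAP_MASK(CAP_NET_BIND_SERVICE) | CAP_MASK(CAP_SYS_ADMIN);
    struct proc_caps d = { held, held, CAP_MASK(CAP_NET_BIND_SERVICE), ~(uint64_t)0, 0 };
    return d;
}

/* Permitted set after the daemon execs an ordinary, unmarked binary */
uint64_t permitted_after_unmarked_exec(void)
{
    struct file_caps plain = { 0, 0, false };
    return exec_caps(example_daemon(), plain).permitted;
}

/* Permitted set after exec into a binary marked to inherit the given caps */
uint64_t permitted_after_marked_exec(uint64_t file_inheritable)
{
    struct file_caps marked = { 0, file_inheritable, true };
    return exec_caps(example_daemon(), marked).permitted;
}
```

With the sets above, the unmarked exec ends with no permitted capabilities, while a file marked inheritable for CAP_NET_BIND_SERVICE receives exactly that one bit and never CAP_SYS_ADMIN, which the daemon did not mark inheritable.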