[...]
> {Shrug} Perhaps somebody can suggest some way that capabilities can
> have meaning for a script, any script if it comes to that?
A script in Unix is just another random way to write a program that does
what I want. Nothing special there. Note that today's scripts are (almost)
undistinguishable from binary, compiled programs: They may carry the same
permissions (execute permissions for whom, even S[UG]ID bits (not on all
Unices, but several honor them)). If some scheme can't do the same (at least
in principle) for capabilities, it is fundamentally flawed. No "all
capable" interpreter should be needed, as this is a _huge_ security risk,
the kernel might as well endow this particular process with the requested
capabilities, and nothing else.
-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/