> Yes, you are correct; the interpreter should just get a (mostly) full cap
> set and parse the caps itself. Mine was a hairbrained idea, but at least
> it generated a better one. ;-)
It _is_ harebrained: You want to make the system secure by auditing each
capable piece of software (at least those with dangerous capabilities,
however defined), and for stuff like the Perl interpreter this is hopeless,
or at least makes the whole exercise pointless.
And again, what is going to stop me from faking capabilities in the script
when I write it?
-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/