> I think you read too many extremes into it.
> CAP_LINUX_ADDUSER_2_ETC_PASSWD
> was never intended.
The POSIX spec allows you to specify the aforementioned capability,
and DG has such. Mr. Spencer did intend the spec to allow this,
and then implemented it, to boot. The spec is intended to allow
each implementer to choose their own flavor of poison. My experience
leads me to believe that application level capabilities are a
poor choice, and that mechanisms directed at that problem, such
as program access lists, are more appropriate. (just what we need,
yet another security mechanism, right?)
--Casey Schaufler voice: (650) 933-1634 casey@sgi.com fax: (650) 933-0170