Re: Capabilities under Linux

Horst von Brand (vonbrand@sleipnir.valparaiso.cl)
Tue, 20 Apr 1999 20:58:43 -0400


Y2K <y2k@y2ker.com> said:

[...]

> The current elf_header solution does not grant *any* privledges just is
> used to revoke them. elf_headers should never be used to grant privledges
> that we can agree on.

How can it be of any use then? You _still_ have an omnipotent root account
that can be broken into, or whose processes can be hijacked? Capabilities
aren't about "taking away", they are abount granting specific rights.

OK, if the status of the "capabilities in ELF" suggestion is that it only
takes away rights, the case is definitely closed for me.

-- 
Horst von Brand                             vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Viņa del Mar, Chile                               +56 32 672616

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/