> No, because "more" wouldn't have any capabilities in its "inheritable"
> set, so it would NOT inherit any capabilities which its parents had.
Thats not very compatible, right now if the parent has the caps they flow
to their children. Actually for linux2.2.6 it appears that if ruid=0 or
euid=0 all caps are raised else all caps are droped upon exec.
Sometimes, to be secure, you have to break compatibility. Period.
Sure, using capabilities will be an option, but people who turn it on
will have to expect different behaviours in order to be fully secure.
Someone who is used to running as root all the time will certainly
experience compatibility problems when they first start running as a
non-privileged user 100% of the time. This is a similar transition.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/