On Wed, 21 Apr 1999 13:39:09 -0700 (PDT), Y2K <y2k@y2ker.com> said:
>> No, because "more" wouldn't have any capabilities in its "inheritable"
>> set, so it would NOT inherit any capabilities which its parents had.
> Thats not very compatible, right now if the parent has the caps they flow
> to their children.
Right. That's the entire point: automatic inheritence of all caps is a
potential security problem, as it lets privileges leak into programs
which weren't designed to cope with those privs. You _can't_ change
that while maintaining compatibility. It's a simple one way choice:
compatibility necessarily implies preserving an entire class of security
vulnerabilities.
--Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/