> Please make it so that it only works if _specifically enabled_. Please
> do not choose a GID at random (e.g. 16) and assume that it will
> not collide with another use.
This a good idea, I can set the initial value as 0 (root gid) and if the
user needs the special gids they can set via /proc.
> Yes, but it could also open up problems. Not everyone understands what
> they are doing. Not everyone checks every kernel compilation option.
> Not everyone allocates user groups above 100.
I think this for the distributions, making them more strong and robust.
> It's a good idea anyway. Another idea would be to do that through
> a capability. That has maybe already been implemented.
The idea was make this feature works without user level source changes, if
you use capability you need to recode the source, with this it's more easy
and fast to set a alternative security in your system.
-- Augusto Cesar Sekure SDI http://www.sekure.org
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/