About this list Date view Thread view Subject view Author view Attachment view

From: Bodo Eggert (7eggert_at_gmx.de)
Date: Wed 12 Nov 2003 - 05:47:24 GMT


On Tue, 11 Nov 2003, Linas Vepstas wrote:

> Well, yes, that was my point. I'm getting the feeling that its implemented
> incorrectly, that there should have been a pair of bits: LOWERPCAP and
> RAISEPCAP, instead of SETPCAP. Seems to me that LOWERPCAP, by allowing
> one process to take away the caps of another, is reasonably safe
> and useful. So I was trying ask if you/other gurus see something flawed
> with this line of reasoning.

Imagine you'd take away capabilities from init...

If you put in the same checks kill() does, LOWERPCAP should be safe ...

-- 
        Bill of Spammer-Rights 
1. We have the right to assassinate you.
2. You have the right to be assassinated.
3. You have the right to resist, but it is futile.

_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 12 Nov 2003 - 05:56:25 GMT by hypermail 2.1.3