From: Bodo Eggert (7eggert_at_gmx.de)
Date: Wed 12 Nov 2003 - 05:47:24 GMT
On Tue, 11 Nov 2003, Linas Vepstas wrote:
> Well, yes, that was my point. I'm getting the feeling that its implemented
> incorrectly, that there should have been a pair of bits: LOWERPCAP and
> RAISEPCAP, instead of SETPCAP. Seems to me that LOWERPCAP, by allowing
> one process to take away the caps of another, is reasonably safe
> and useful. So I was trying ask if you/other gurus see something flawed
> with this line of reasoning.
Imagine you'd take away capabilities from init...
If you put in the same checks kill() does, LOWERPCAP should be safe ...
-- ¤ Bill of Spammer-Rights ¤ 1. We have the right to assassinate you. 2. You have the right to be assassinated. 3. You have the right to resist, but it is futile.
_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver