From: Bernd Eckenfels
To: linux-kernel@vger.kernel.org
Subject: Re: Filesystem Capabilities in 2.6?
In-Reply-To: <87znssytu7.fsf@goat.bogus.local>
Date: Sat, 2 Nov 2002 23:57:11 +0100

In article <87znssytu7.fsf@goat.bogus.local> you wrote:
> I still don't get it. How is this different from suid root. The worst
> I can imagine is an admin doing chcap all+eip, which is no different
> from doing a chown root; chmod u+s.

The problem is that most software does not know about capabilities. A simple example is libc which will not ignore LD_PRELOAD because it does not notice that there is a difference in effective and real capabilities of the process.

Personally I think this is solvable, and we really need a way to enable admins to use the least privilege principle on their servers by removing suid root programs completely.

Greetings
Bernd
-- 
www.freefire.org
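
The gap described in the message above, as an added example that is not part of the original post and is not glibc's code: a privilege test that compares only real and effective IDs flags a setuid-root process but not one whose privilege comes from file capabilities. The `/proc/<pid>/status` samples are constructed, and `cap_aware_check` is a hypothetical, simplified rule (non-root process with a non-empty permitted set).

```c
/* Added example, not glibc code. The status samples below are constructed. */
#include <stdio.h>
#include <string.h>

struct creds { unsigned uid, euid, gid, egid; unsigned long long cap_prm; };

static const char SUID_ROOT[] = "Name:\tapp\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\nCapPrm:\t000001ffffffffff\n";
static const char FILE_CAPS[] = "Name:\tapp\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000003000\n";
static const char PLAIN[]     = "Name:\tapp\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000000000\n";

/* Read real/effective IDs and the permitted capability mask from
 * /proc/<pid>/status text. Returns 0, or -1 if a field is missing. */
int parse_status(const char *text, struct creds *c)
{
    int seen = 0;
    const char *p = text;
    while (p && *p) {                       /* p always sits at a line start */
        if (sscanf(p, "Uid: %u %u", &c->uid, &c->euid) == 2) seen |= 1;
        else if (sscanf(p, "Gid: %u %u", &c->gid, &c->egid) == 2) seen |= 2;
        else if (sscanf(p, "CapPrm: %llx", &c->cap_prm) == 1) seen |= 4;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return seen == 7 ? 0 : -1;
}

/* Setuid-era test: privileged only if real and effective IDs differ. */
int uid_only_check(const struct creds *c)
{
    return c->uid != c->euid || c->gid != c->egid;
}

/* Assumed capability-aware rule: also flag a non-root process that
 * holds any permitted capability. */
int cap_aware_check(const struct creds *c)
{
    return uid_only_check(c) || (c->euid != 0 && c->cap_prm != 0);
}

/* 1 if the uid-only test misses a privileged process, 0 if not, -1 on parse error. */
int missed_by_uid_check(const char *text)
{
    struct creds c = {0};
    if (parse_status(text, &c) != 0) return -1;
    return cap_aware_check(&c) && !uid_only_check(&c);
}

int main(void)
{
    printf("suid root: missed=%d\n", missed_by_uid_check(SUID_ROOT));
    printf("file caps: missed=%d\n", missed_by_uid_check(FILE_CAPS));
    printf("plain:     missed=%d\n", missed_by_uid_check(PLAIN));
    return 0;
}
```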