Date: Tue, 22 Jun 2004 10:59:09 +0200
From: uaca@alumni.uv.es
To: linux-kernel@vger.kernel.org
Subject: capabilities, cap_set_cap and setuid()
Message-ID: <20040622085908.GA13906@pusa.informat.uv.es>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.5.1+cvs20040105i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1176
Lines: 34

Hi

I didn't find an answer about enabling CAP_SETPCAP

Why is deemed a security risk? 

Maybe the question seems silly but, where is the risk, a root user
can setuid /bin/sh and maked things still more fun... it sounds brain dead.

Another question... why is not allowed to do the following:

uid = 0 program enables enables only one capability (in all sets) and if it
changes to another uid (by calling setuid) the program losses the
capability.

Any comment would be greatly appreciated

Thanks in advance

	Ulisses

                Debian GNU/Linux: a dream come true
-----------------------------------------------------------------------------
"Computers are useless. They can only give answers."            Pablo Picasso

"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/