Capabilities bounding set oddities?

From: BIONDI Philippe (Philippe.BIONDI@enst-bretagne.fr)
Date: Mon Jan 31 2000 - 18:30:56 EST


Hi all!

Why does removing CAP_SYS_RAWIO from the cap_bset prevent anyone from mapping a
raw block device but doesn't protect it from reading or writing?

Why does removing CAP_NET_ADMIN prevent anyone from altering firewall rules but
can't prevent a simple echo 0 > /proc/sys/net/ip_forward, or any other
sysctl?

--
Philippe Biondi
Systems administrator
Webmotion Inc.
http://www.webmotion.net
mailto:philippe.biondi@webmotion.net
Fax. (613) 260-9545
