Pavel Machek <pavel@suse.cz> said:
[...]
> If you want to elevate some priviledges, make it setuid 0 (that will
> give it all capabilities) and you can now copy forced into
> allowed. You are done. You have nice compatibility (ls) for free, and
> you have 32 more bits for your use!
Who says running as UID == 0 gives you all capabilities? Why have a
distinguished root user at all? OTOH, it does make sense to have a program
that can modify files belonging to DNS, and which is allowed to bind to a
low port, but nothing else. The UID/GID (and ACL) stuff and capabilities
are complementary.
-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Viņa del Mar, Chile +56 32 672616- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST