Hi!
> > If you want to elevate some priviledges, make it setuid 0 (that will
> > give it all capabilities) and you can now copy forced into
> > allowed. You are done. You have nice compatibility (ls) for free, and
> > you have 32 more bits for your use!
>
> Who says running as UID == 0 gives you all capabilities? Why have a
Backwards compatibility.
> distinguished root user at all? OTOH, it does make sense to have a program
> that can modify files belonging to DNS, and which is allowed to bind to a
> low port, but nothing else. The UID/GID (and ACL) stuff and capabilities
> are complementary.
I said that different uid is where this gets ugly ;-). Take a look at
elfcap.
(Program that can modify files for DNS and which is allowed to bind
low port is doable with elfcap, but not with this proposal, because
there are no additional bits to store "new uid" as I do in elfcap.
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:25 EST