On Mon, 2 Jun 2003, Chris Wright wrote:
> @@ -91,7 +92,7 @@
> * Superuser processes are usually more important, so we make it
> * less likely that we kill those.
> */
> - if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_ADMIN) ||
> + if (!security_capable(p,CAP_SYS_ADMIN) ||
> p->uid == 0 || p->euid == 0)
> points /= 4;
..............
> - if (cap_t(p->cap_effective) & CAP_TO_MASK(CAP_SYS_RAWIO))
> + if (!security_capable(p,CAP_SYS_RAWIO))
> points /= 4;
Correct me if i am wrong, but I think it is not a good idea to favor
applications with more
capabilities, as ussualy those are most wanted target on a system.
-- Grzegorz Jaskiewcz- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jun 07 2003 - 22:00:16 EST