Re: why are capabilities disabled?

From: Valdis . Kletnieks
Date: Fri Feb 13 2004 - 13:10:17 EST

Next message: Maciej Zenczykowski: "Re: your mail"
Previous message: Nicolas Mailhot: "Re: JFS default behavior (was: UTF-8 in file systems?xfs/extfs/etc.)"
In reply to: Sven Köhler: "Re: why are capabilities disabled?"
Next in thread: Maciej Zenczykowski: "Re: why are capabilities disabled?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 13 Feb 2004 18:54:53 +0100, =?ISO-8859-1?Q?Sven_K=F6hler?= said:
> everybody's talking about filesystem-capabilities etc.
> i still dream of starting a process with a certain capability.

As long as you're staying in the same domain of capabilities, there's no
really big issue. The problem starts when you use fork(), exec(), and friends
to launch something that may have a different set of capabilities (either more
or less). Also note that exploited code can cause an exec() in a program that
doesn't even have a call to exec() in it....

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Maciej Zenczykowski: "Re: your mail"
Previous message: Nicolas Mailhot: "Re: JFS default behavior (was: UTF-8 in file systems?xfs/extfs/etc.)"
In reply to: Sven Köhler: "Re: why are capabilities disabled?"
Next in thread: Maciej Zenczykowski: "Re: why are capabilities disabled?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]