I've already admitted that this was a bad example. There is no true
defense against poor programming so protecting the system by design
from an exploitable hole in a program is only ever going to be an
exercise in damage limitation. There can be no argument, however,
that capabilities are better at damage limitation than the current
setuid model.
Also "absolutely no use" is a little strong. Capabilities, and frugal
use of the effective set of capabilities can help protect a large and
complicated program (written by many people) from doing something bad
by accident.
Cheers
Andrew
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
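The "frugal use of the effective set" Andrew mentions, shown as an added example that is not code from the mail or from the kernel: the process keeps its permitted set but clears the effective set, raises a single capability only around the call that needs it, then clears it again. Linux only; uses the raw capget/capset syscalls (no libcap), and CAP_NET_BIND_SERVICE is just an illustrative choice.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

typedef struct __user_cap_header_struct cap_hdr_t;
typedef struct __user_cap_data_struct   cap_data_t;

/* Read this process's capability sets (v3 API: two 32-bit words per set). */
static int read_caps(cap_data_t data[2]) {
    cap_hdr_t hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    memset(data, 0, 2 * sizeof(cap_data_t));
    return syscall(SYS_capget, &hdr, data) == 0 ? 0 : -1;
}

static int write_caps(const cap_data_t data[2]) {
    cap_hdr_t hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -1;
}

/* Clear the effective set; permitted is untouched so a cap can be re-raised later. */
int drop_effective(void) {
    cap_data_t d[2];
    if (read_caps(d) != 0) return -1;
    d[0].effective = 0;
    d[1].effective = 0;
    return write_caps(d);
}

/* Raise one capability into the effective set, only if it is in permitted. */
int raise_effective(int cap) {
    cap_data_t d[2];
    if (read_caps(d) != 0) return -1;
    unsigned idx = CAP_TO_INDEX(cap), mask = CAP_TO_MASK(cap);
    if (!(d[idx].permitted & mask)) { errno = EPERM; return -1; }
    d[idx].effective |= mask;
    return write_caps(d);
}

/* Number of capabilities currently in the effective set (-1 on error). */
int effective_count(void) {
    cap_data_t d[2];
    if (read_caps(d) != 0) return -1;
    return __builtin_popcount(d[0].effective) + __builtin_popcount(d[1].effective);
}

int main(void) {
    drop_effective();                       /* run with nothing effective by default */
    printf("effective caps after drop: %d\n", effective_count());
    if (raise_effective(CAP_NET_BIND_SERVICE) == 0) {
        /* the one privileged call would go here, e.g. bind() to a low port */
        drop_effective();                   /* and drop it again immediately */
    } else
        perror("raise CAP_NET_BIND_SERVICE");
    return 0;
}
```

Run as an unprivileged user the raise fails with EPERM because the capability is not in the permitted set; the point is that even as root (or with a file capability) the program spends almost all of its time with an empty effective set.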