RE: [patch included] Re: using capabilities to allow debug of su

Jeremy Fitzhardinge (jeremy@goop.org)
Sat, 17 Apr 1999 13:36:47 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pavel Machek: "Re: Linux 2.0.37pre10"
Previous message: Jakub Jelinek: "Re: bad lmbench numbers for mmap"

On 17-Apr-99 Andrew Morgan wrote:
> I'm crossing my fingers that one does what I meant you to try. (The key
> is that root can only remove files that root owns unless it has the
> capability to do more.) In other words, root in this case should not be
> able to remove luser's file. In your examples, root always owns the
> file, so necessarily, it is able to manipulate them.

When unlinking, it normally doesn't matter who owns a file or what its
permissions are: it's the directory permissions which matter (ignoring +t
dirs). Are you talking about modifying the semantics of unlink, or should you
be using "open for writing" as the operation in your example?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: Linux 2.0.37pre10"
Previous message: Jakub Jelinek: "Re: bad lmbench numbers for mmap"