Re: Capabilities done right [diff against 2.3.1]

Linus Torvalds (torvalds@transmeta.com)
Mon, 17 May 1999 09:24:45 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: dledford@redhat.com: "Re: My 3 big wishes for 2.3.x"
Previous message: Theodore Y. Ts'o: "Re: Capabilities done right [diff against 2.3.1]"

On Mon, 17 May 1999, Pavel Machek wrote:
>
> Is that missfeature of sh? I thought that it was race between sh being
> loaded and potential change of file. Malicious user could delete suid
> program and replace it with his own code with other name -- that is
> not easily worked around. So capabilities support will have to go into
> sperl, anyway.

It =is= easily worked around. Using /proc there ave been patches around
for a long time.

Anyway, the whole point was that there are cases where you want to
=remove= capabilities. And hey, if you have a hacker that tries to take
over that removal, tell him hello.

> Did I convince you now?

No.

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: dledford@redhat.com: "Re: My 3 big wishes for 2.3.x"
Previous message: Theodore Y. Ts'o: "Re: Capabilities done right [diff against 2.3.1]"