Re: Capabilities done right [diff against 2.3.1]

Y2K (y2k@y2ker.com)
Thu, 20 May 1999 10:51:06 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Samuel Hocevar: "Re: sometimes keyboard resets to default 6 chars a sec."
Previous message: Dieter =?iso-8859-1?Q?N=FCtzel?=: "2.2.9/2.3.3-ac2 kernel NULL pointer with IDE & 'rmmod -a'"
In reply to: Y2K: "Re: Capabilities done right [diff against 2.3.1]"
Next in thread: Pavel Machek: "Re: Capabilities done right [diff against 2.3.1]"

On Thu, 20 May 1999, Bernd Eckenfels wrote:
> In article <199905181223.IAA26691@pincoya.inf.utfsm.cl> you wrote:
> >> #!/bin/bash --drop NET_BIND_SERVICE
> > Great. Now the default shell is all-powerful.
> No, it inherits the powers of the user...
> btw: is there a tool for setting and clearing caps, for switching in secure
> mode (as i see from the source, the securelevel isnt used, its an exported
> symbol?)
There are tools for setting and clearing at
ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.3/
I also mirror that at my place below and have some extensions to it.
securebits has nothing to change it in the kernel AFAIK. In my patches I
add a new securebit and let you config at compile time the securebits.
I was going to make the securebits a per task thing but I chickened out of
that.

-- Any caps I mention are *derived* from a withdrawn draft posix document. See http://www.millenniumproductsllc.com/sjp/ for more info.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Samuel Hocevar: "Re: sometimes keyboard resets to default 6 chars a sec."
Previous message: Dieter =?iso-8859-1?Q?N=FCtzel?=: "2.2.9/2.3.3-ac2 kernel NULL pointer with IDE & 'rmmod -a'"
In reply to: Y2K: "Re: Capabilities done right [diff against 2.3.1]"
Next in thread: Pavel Machek: "Re: Capabilities done right [diff against 2.3.1]"