Re: Capabilities done right...

Gregory Maxwell (linker@z.ml.org)
Fri, 21 May 1999 18:16:41 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Arvind Sankar: "Re: access to proc filesystem from chrooted process"
Previous message: Guest section DW: "Re: i386/RTC: old problem, new solution?"
In reply to: Arjan van de Ven: "kernel_thread vs zombie's"

On Fri, 21 May 1999, Bernd Eckenfels wrote:

> The problem with this is, that the current capabilities only address
> super-user featues. A non-root user has no caps to drop.
>
> I think I read on the linux-audit list something about CAP_USER priveledges
> whcih can be dropped (accept, fork, exec jumps to mind).

Bind and blocking signals (sighup)..

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arvind Sankar: "Re: access to proc filesystem from chrooted process"
Previous message: Guest section DW: "Re: i386/RTC: old problem, new solution?"
In reply to: Arjan van de Ven: "kernel_thread vs zombie's"