ons 2005-06-08 klockan 13:44 -0700 skrev Chris Wright:
> * Manfred Georg ([email protected]) wrote:
> > I was working with passing capabilities through an exec and it
> > didn't do what I expected it to. That is, if I set a bit in
> > the inherited capabilities, it is not "inherited" after an
> > exec(). After going through the code many times, and still not
> > understanding it, I hacked together this patch. It probably
> > has unforseen side effects and there was probably some
> > reason it was not done in the first place.
>
> True to both. If you'd like to work with this, check the archives for
> similar patches. Most recent in a thread from Alex Nyberg starting
> here:
>
> http://marc.theaimsgroup.com/?l=linux-kernel&m=111062795600730&w=2
>
btw since the last discussion was about not changing the existing
interface and thus exposing security flaws, what about introducing
another prctrl that says maybe PRCTRL_ACROSS_EXECVE?
Any new user-space applications must understand the implications of
using it so it's safe in that aspect. Yes?
(yeah it's rather silly since there already is an unused
keep_capabilities flag but that would change old interfaces so ok)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]