On Wed, 8 Jun 2005, Alexander Nyberg wrote:
ons 2005-06-08 klockan 15:27 -0500 skrev Manfred Georg:
I was working with passing capabilities through an exec and it
didn't do what I expected it to. That is, if I set a bit in
the inherited capabilities, it is not "inherited" after an
exec(). After going through the code many times, and still not
understanding it, I hacked together this patch. It probably
has unforseen side effects and there was probably some
reason it was not done in the first place.
Please read the thread at
http://www.ussg.iu.edu/hypermail/linux/kernel/0503.1/1571.html
Basically it says that because a broken interface was accepted from the
beginning it can't be changed due to the security aspect.
Ok, that's what I figured, however, there seems to be some framework
for configuring different security modules. Why isn't there one
that enables the non-broken interface? feature creep?
The whole thing sucks, sorry.
yep. :(
Especially since the current functionality doesn't make the
system any more secure.
Manfred
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]