Hi!
> > Well, I could imagine that a paranoid sysadmin might
> > want some users'
> > processes to run without this or that capability
> > (perhaps
> > CAP_REG_PTRACE or some other yet-to-be-defined
> > capability). This
> > doesn't mean that they shouldn't be able to run a
> > game which runs sgid
> > in order to write the score file.
>
> A likely scenario might be the 3rd party program
> that you really are sure about trusting. You
> give it a capability set that has nothing in it
> (hence runs without capability regardless of
> the capabilities of the parent). That's part
> of the rationale behind the POSIX scheme, that
> some programs you just don't want to ever run
> privileged, period. But POSIX only deals with
> going "above" base, which is why I like the
> notion of your "underprivileged" scheme as a
> seperate addition.
Well, in kernel above-priviledge and below-priviledge makes sense to
be handled by same code. You can always create interface you prefer in
glibc...
Pavel
--
Thanks for all the (sleeping) penguins.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
