| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060911065111.GA4850@clipper.ens.fr>
Date: Mon, 11 Sep 2006 08:51:11 +0200
From: David Madore <david.madore@....fr>
To: Jan Engelhardt <jengelh@...ux01.gwdg.de>
Cc: Linux Kernel mailing-list <linux-kernel@...r.kernel.org>,
LSM mailing-list <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 3/4] security: capabilities patch (version 0.4.4), part 3/4: introduce new capabilities
On Mon, Sep 11, 2006 at 08:10:17AM +0200, Jan Engelhardt wrote:
> You cannot reasonable run a program without CAP_REG_OPEN, because
> ld.so, libc.so and libdl.so all may load a ton of required files
> underneath you.
A program might quite conceivably drop CAP_REG_OPEN willingly once
it's started, or the administrator might use capset() on it once it's
running. But, again, this cap is mostly a proof of concept: the
really useful ones are CAP_REG_WRITE and CAP_REG_SXID.
--
David A. Madore
(david.madore@....fr,
http://www.madore.org/~david/ )
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists