| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <887.65866.qm@web36605.mail.mud.yahoo.com> Date: Thu, 8 Mar 2007 08:24:38 -0800 (PST) From: Casey Schaufler <casey@...aufler-ca.com> To: rgarcia@...asoft.com, linux-kernel@...r.kernel.org Subject: Re: Request change in behaviour of capability inheritance. --- rgarcia@...asoft.com wrote: > I think that the current behaviour of capability > inheritance across exec() > is not optimal. > > The current behaviour consists in all effective and > permitted capabilities > are cleared across a exec(). This is because it > seems to be intended that > in the future the executable files have a set of > "allowed" and "forced" > capabilities. File based capabilities are the same effective, permitted, and inheritable sets that the process has. Unless the thinking has shifted over the last couple weeks (it happens from time to time) the inheritable set is what you're missing. Casey Schaufler casey@...aufler-ca.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists