CAPs

James Buster bitbug at seal.engr.sgi.com
Fri Nov 5 22:02:36 GMT 1999


On Nov 5,  1:54pm, Andrew Morgan wrote:
} There is setting your own capabilities (having CAP_xxx in your permitted
} set) and there is setting another process' capabilities (having an
} effective CAP_SETPCAP). It is the latter that is the abomination.

Ok. I see the confusion. In IRIX, CAP_SETPCAP can only be used to
change your own capability set to an arbitrary value. It allows
you to change your capability set in violation of the restriction
that a process cannot make a capability inheritable, permitted or effective
unless it is already in that process' permitted set. IRIX does not
have an interface that lets you set the capability set of another
process.

} cap_set_proc() function is the 'POSIX' one and its fine - I would
} believe that IRIX supports this. The bit I'm warning against is the back
} end to this libcap function which is the Linux capset() system call
} which does include support for the CAP_SETPCAP stuff.

Linux should never have had the ability to change the capability set
of another process. Generality is nice, but not when it's both
dangerous and generally useless.

-- 
Planet Bog -- pools of toxic chemicals bubble under a choking
atmosphere of poisonous gases... but aside from that, it's not
much like Earth.
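The rule the two posters are discussing, that a process may lower its own permitted set but may not add to it, and the separate question of setting another process's capabilities through the Linux capset() back end, can be exercised directly. The program below is an added example and is not code from the original post or from libcap; it calls the raw Linux capget()/capset() system calls with the version-3 header. CAP_NET_RAW is an arbitrary choice of capability to drop, and pid 1 is an arbitrary choice of "another process"; both are assumptions of this example. Note that current Linux kernels (since 2.6.24) refuse capset() for any pid other than the caller's own, so the last call is expected to fail with EPERM regardless of privilege, and the drop-then-re-add sequence fails with EPERM for root and non-root alike.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Added example, not part of the original mailing-list post.
 * Uses the raw Linux capget()/capset() system calls (v3 header, two
 * 32-bit words per set) to show that a process can drop a capability
 * from its own permitted set but cannot put it back, and that capset()
 * on another process's pid is refused outright on current kernels. */

typedef struct __user_cap_header_struct cap_hdr_t;
typedef struct __user_cap_data_struct cap_data_t;

/* Read the caller's own capability sets. Returns 0 or an errno value. */
static int get_own_caps(cap_data_t data[2])
{
    cap_hdr_t hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    memset(data, 0, 2 * sizeof(*data));
    return syscall(SYS_capget, &hdr, data) == 0 ? 0 : errno;
}

/* Write the given sets for pid (0 means the caller). Returns 0 or errno. */
static int set_caps(int pid, cap_data_t data[2])
{
    cap_hdr_t hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = pid };
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : errno;
}

/* Drop `cap` from the permitted and effective sets. Lowering is always
 * allowed, so this returns 0 whether or not the bit was set to begin with. */
int drop_from_permitted(unsigned cap)
{
    cap_data_t d[2];
    int rc = get_own_caps(d);
    if (rc)
        return rc;
    d[CAP_TO_INDEX(cap)].permitted &= ~CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective &= ~CAP_TO_MASK(cap);
    return set_caps(0, d);
}

/* Try to add `cap` to the permitted set. The kernel requires the new
 * permitted set to be a subset of the old one, so after a drop this
 * fails with EPERM, whatever the caller's privilege. */
int add_to_permitted(unsigned cap)
{
    cap_data_t d[2];
    int rc = get_own_caps(d);
    if (rc)
        return rc;
    d[CAP_TO_INDEX(cap)].permitted |= CAP_TO_MASK(cap);
    return set_caps(0, d);
}

/* Try to write the caller's own sets onto another process (pid is an
 * assumption of this example; pid 1 is used in main). Current Linux only
 * accepts pid 0 or the caller's own pid, so this returns EPERM. */
int set_caps_of_other_process(int pid)
{
    cap_data_t d[2];
    int rc = get_own_caps(d);
    if (rc)
        return rc;
    return set_caps(pid, d);
}

int main(void)
{
    printf("drop CAP_NET_RAW from permitted: %s\n",
           strerror(drop_from_permitted(CAP_NET_RAW)));
    printf("re-add CAP_NET_RAW to permitted: %s\n",
           strerror(add_to_permitted(CAP_NET_RAW)));
    printf("capset() on pid 1:               %s\n",
           strerror(set_caps_of_other_process(1)));
    return 0;
}
```

The first line prints "Success" and the other two print "Operation not permitted". The re-add fails because the permitted-subset check is applied to every caller, including one holding CAP_SETPCAP, which on Linux only governs the inheritable set and the bounding set; this is the "you cannot make a capability permitted unless it already is" restriction the IRIX description above says CAP_SETPCAP there is allowed to override.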