CAPs

Casey Schaufler casey at sgi.com
Fri Nov 5 22:09:02 GMT 1999


Andrew Morgan wrote:
> 
> There is setting your own capabilities (having CAP_xxx in your permitted
> set) and there is setting another process' capabilities (having an
> effective CAP_SETPCAP).

Errr, no, cap_set_proc() only works on the current process. You
cannot use the POSIX function to set the capabilities of another
process.

> ..Not to mention the fact that it's really tricky to inform a process
> it just got a new capability, it requires a daemon and some interprocess
> communication to do without pretty obvious race conditions (which brings
> up an authentication issue) and one should pause for thought when you
> consider how to verify/audit that it's being used correctly on a running
> system.

Setting the security attributes of another process is a bad idea,
although the folks who did DG/UX will argue otherwise.

-- 

Casey Schaufler                         voice: (650) 933-1634
casey at sgi.com                           fax:   (650) 933-0170
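
An added example, not part of the original message: a process lowering and re-raising one capability in its own effective set, bounded by its own permitted set. It assumes Linux and uses the raw capget/capset syscalls rather than the POSIX.1e cap_get_proc()/cap_set_proc() calls discussed above, so that it builds without libcap; the helper names and the choice of CAP_NET_BIND_SERVICE are illustrative.

```c
/* Added example (assumption: Linux, raw capget/capset syscalls). */
#include <linux/capability.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

typedef struct __user_cap_data_struct capsets[_LINUX_CAPABILITY_U32S_3];

/* pid 0 in the header means "the calling thread": the process acts on itself. */
static long own_caps(long nr, struct __user_cap_data_struct *d)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return syscall(nr, &h, d);
}

/* which: 0 = effective set, 1 = permitted set. Returns 1/0, or -1 on error. */
int own_cap_state(int cap, int which)
{
    capsets c;
    if (own_caps(SYS_capget, c) != 0)
        return -1;
    __u32 set = which ? c[cap / 32].permitted : c[cap / 32].effective;
    return (int)((set >> (cap % 32)) & 1u);
}

/* Lower (on=0) or raise (on=1) one capability in our own effective set.
 * Raising is refused unless the capability is in our own permitted set. */
int set_own_effective(int cap, int on)
{
    capsets c;
    __u32 bit = 1u << (cap % 32);
    if (own_caps(SYS_capget, c) != 0)
        return -1;
    if (on && !(c[cap / 32].permitted & bit))
        return -1;
    if (on) c[cap / 32].effective |= bit;
    else    c[cap / 32].effective &= ~bit;
    return own_caps(SYS_capset, c) == 0 ? 0 : -1;
}

int main(void)
{
    int cap = CAP_NET_BIND_SERVICE;   /* sample capability, chosen for illustration */
    printf("permitted=%d effective=%d\n", own_cap_state(cap, 1), own_cap_state(cap, 0));
    int lowered = set_own_effective(cap, 0);
    printf("lower: rc=%d effective=%d\n", lowered, own_cap_state(cap, 0));
    int raised = set_own_effective(cap, 1);
    printf("raise: rc=%d effective=%d\n", raised, own_cap_state(cap, 0));
    return 0;
}
```

Run unprivileged, the raise step returns -1 because the capability is not in the permitted set; run as root, it succeeds.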