[Linux-privs-discuss] Re: Sendmail Workaround for Linux Capabilities Bug (fwd)

Andrew Morgan morgan at transmeta.com
Fri Jun 9 15:49:02 GMT 2000


Doh, typo fixes (which because all this is important):

Andrew Morgan wrote:
> Since there is no support for file-capabilities, there is no way to set
> fP, fI and fE on regular files and the values of these capabilities are
> naturally fP=fI=fE=0. This naturally leads to capability free processes
> that emerge from exec: (pE'=pP=0).

I missed a "'", this last bit should be:

                         (pE'=pP'=0).

> In the new Linux 2.2.16 (resilient) system, the scheme for this
> (filesystem capability) faking is different:
> 
>   if the exec()d program will have euid=0: fE=~0.
>   if the exec()d program will have euid=0 or uid=0: fP=fI=~0.

Cut and paste stupidity, delete this next line:

>   in all cases fP=0.

Cheers

Andrew
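
The corrected faking scheme from the message above, worked through as an added C example (not part of the original message and not kernel code). The function and type names are hypothetical, and the exec rule pI'=pI, pP'=(fP & X)|(fI & pI), pE'=pP' & fE with bounding set X is assumed from the usual Linux capability model; the message itself states only the faked file sets and the result pE'=pP'=0.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t capset;              /* one bit per capability */
struct caps { capset I, P, E; };      /* inheritable, permitted, effective */

/* Faked file capabilities as described for 2.2.16, after the corrections:
 *   exec()d program will have euid=0            -> fE = ~0
 *   exec()d program will have euid=0 or uid=0   -> fP = fI = ~0
 *   otherwise                                   -> fP = fI = fE = 0 */
static struct caps fake_file_caps(unsigned new_uid, unsigned new_euid)
{
    struct caps f = {0, 0, 0};
    if (new_euid == 0)
        f.E = ~(capset)0;
    if (new_euid == 0 || new_uid == 0)
        f.P = f.I = ~(capset)0;
    return f;
}

/* Assumed exec transformation (not quoted in the message);
 * bset is the capability bounding set X. */
static struct caps exec_transform(struct caps p, struct caps f, capset bset)
{
    struct caps n;
    n.I = p.I;
    n.P = (f.P & bset) | (f.I & p.I);
    n.E = n.P & f.E;
    return n;
}

static void show(const char *what, unsigned uid, unsigned euid)
{
    struct caps p = {0, 0, 0};        /* constructed: caller holds nothing */
    struct caps n = exec_transform(p, fake_file_caps(uid, euid), ~(capset)0);
    printf("%-28s pP'=%08x pE'=%08x\n", what, (unsigned)n.P, (unsigned)n.E);
}

int main(void)
{
    show("uid=1000 euid=1000", 1000, 1000);  /* capability-free process */
    show("uid=1000 euid=0 (setuid root)", 1000, 0);
    show("uid=0 euid=1000", 0, 1000);        /* permitted full, effective empty */
    return 0;
}
```

The third case is the one to watch when auditing privilege drops: the effective set is empty, but the permitted set is still full.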