
Re: Applications using Linux capabilities



On Sat, Mar 24, 2001 at 12:39:03AM -0500, Daniel Jacobowitz wrote:
>
> Vsftpd does, too.

I have read GnuPG has code to use a capability to allocate secure
memory instead of using suid, but it's only really useful if you have
capability bits in the filesystem, which neither the kernel nor ext2
currently supports.

> I'm fairly sure there's a lot more - you can access them through PAM
> somehow, I think...

Yes, Andrew Morgan (er, I think that's right..) wrote a PAM module that
allows you to grant/deny certain capabilities to users when they
log in; the problem is it was broken by kernel 2.2.16 and later.  That
kernel disabled a capability from the bounding set in order to fix
that nasty security hole; this also has the side effect of breaking
this PAM module (among other capability-related things).  Check the
pam-list archives for a recent explanation by Andrew about this.

--
Ethan Benson
http://www.alaska.net/~erbenson/
