Previously Jules Bean wrote: > suid bits are insecure, full-stop. Given that we have a sufficiently bad > (in particular, coarse-grained) security model that we need them, there > doesn't seem to be any particular value in restricting them to > executables. Now that we have the 2.2 kernel we actually have a much more fine-grained system using the new capabilities and credential-passing stuff in the kernel. The only major things that seems to be lacking is a good capd which can give the credentials. From what I hear capability-flags will also be part of the next version of ext2fs (ext3fs?). Wichert. -- ============================================================================== This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: wakkerma@cs.leidenuniv.nl WWW: http://www.wi.leidenuniv.nl/~wichert/
Attachment:
pgpo1zfn2gArr.pgp
Description: PGP signature