On Jan 22, Jason Gunthorpe <jgg@ualberta.ca> wrote: >No it doesn't. You just run it as root and have it make the proper >capabilities syscalls before switching to not-root. You need the FS patch >if you want to do the above *without* changing bind's source. This is useful only if you also use chroot. If cracker gets UID 0 he can just edit /etc/shadow... -- ciao, Marco