[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: socket-based activation has unmaintainable security?

Quoting Jonathan Dowland (jmtd@debian.org):
> On 6 Feb 2013, at 17:37, Andrey Rahmatullin <wrar@wrar.name> wrote:
> > Do we finally have mechanisms to start processes without root but with
> > elevated capabilities?
> We also need fallback for non Capability-capable supported kernels
> (wow that's an awkward sentence)

Not to mention non-xattr-backed filesystems.

Every time I've been in a discussion like this, that ends up being
the reason not to pursue it.


Reply to: