Re: does not remove capabilities
On Thu, 9 Jun 2005, martin f krafft wrote:
> Note: I am not filing this as a bug for reasons of responsible
> disclosure. Maybe I am just being too paranoid. Let me know if
> I should file the bug, or just forward my mail...
In order for the capability stuff to function the capability.ko module
should be loaded. The situation you describe indeed occurs when
capability.ko is not loaded into the kernel. So I would say that this is
an lcap bug, as it fails to inform the user that capabilities cannot be
removed. I have also tried it with capability module loaded, and then the
command 'lcap CAP_SYS_MODULE' strips _all_ the capabilities, so it seems
to be broken in more than one way. After that, loading the modules is, in
fact, impossible. I'll file the bug against lcap once I have a
confirmation that it indeed misbehaves.
Jurij Smakov firstname.lastname@example.org
Key: http://www.wooyd.org/pgpkey/ KeyID: C99E03CC