[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: does not remove capabilities

On Thu, 9 Jun 2005, martin f krafft wrote:

Note: I am not filing this as a bug for reasons of responsible
disclosure. Maybe I am just being too paranoid. Let me know if
I should file the bug, or just forward my mail...

Hi Martin,

In order for the capability stuff to function the capability.ko module should be loaded. The situation you describe indeed occurs when capability.ko is not loaded into the kernel. So I would say that this is lcap bug, as it is fails to inform the user that capabilities cannot be removed. I have also tried it with capability module loaded, and then the command 'lcap CAP_SYS_MODULE' strips _all_ the capabilities, so it seems to be broken in more than one way. After that loading the modules is, in fact, impossible. I'll file the bug against lcap once I have a confirmation that it indeed misbehaves.

Best regards,

Jurij Smakov                                        jurij@wooyd.org
Key: http://www.wooyd.org/pgpkey/                   KeyID: C99E03CC

Reply to: