
Re: Preparing Debian for using capabilities: file ownership.



On Fri, Sep 22, 2000 at 06:44:02PM -0300, Nicolás Lichtmaier wrote:
> That's not true, capabilities can be handled with system calls. A daemon
> may drop all capabilities except the one needed to bind to privileged ports.
> But the daemon would still be run with UID 0, and be able to modify/access
> any root owned file in the system.

Why wouldn't it also change its uid to that of daemon or nobody then? I
assume capabilities are independent of uid?

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

  ``We reject: kings, presidents, and voting.
                 We believe in: rough consensus and working code.''
                                      -- Dave Clark
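
The sequence this message asks about (leave UID 0 and keep only the capability needed to bind privileged ports), as an added example that is not part of the original mail. It uses the current Linux capget/capset (version 3) interface with PR_SET_KEEPCAPS; the function names and the UID/GID 65534 for "nobody" are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Raw capget(2)/capset(2) on the calling process, so libcap is not needed. */
static int caps_rw(int set, struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(set ? SYS_capset : SYS_capget, &h, d);
}

/* Effective capability set as a bit mask; UINT64_MAX if capget fails. */
uint64_t effective_caps(void) {
    struct __user_cap_data_struct d[2];
    if (caps_rw(0, d) != 0) return UINT64_MAX;
    return ((uint64_t)d[1].effective << 32) | d[0].effective;
}

/* Shrink permitted and effective to (current permitted & keep); clear inheritable. */
int restrict_caps_to(uint64_t keep) {
    struct __user_cap_data_struct d[2];
    if (caps_rw(0, d) != 0) return -1;
    for (int i = 0; i < 2; i++) {
        d[i].permitted &= (uint32_t)(keep >> (32 * i));
        d[i].effective = d[i].permitted;
        d[i].inheritable = 0;
    }
    return caps_rw(1, d);
}

/* Leave UID 0 for uid/gid, keeping one capability; fails if UID 0 can be regained. */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap) {
    /* Without KEEPCAPS the permitted set is emptied when the UIDs leave 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* setuid cleared the effective set; re-raise only the capability we keep. */
    if (restrict_caps_to(1ULL << cap) != 0) return -1;
    return (setuid(0) == -1 && getuid() == uid) ? 0 : -1;
}

int main(void) {
    /* 65534 is assumed to be the "nobody" UID/GID; must be started as root. */
    int rc = drop_root_keep_cap(65534, 65534, CAP_NET_BIND_SERVICE);
    printf("rc=%d uid=%d effective=0x%llx\n", rc, (int)getuid(), (unsigned long long)effective_caps());
    return rc ? 1 : 0;
}
```

Started as root, the process ends up as UID 65534 with only CAP_NET_BIND_SERVICE effective, so it can still bind ports below 1024 but no longer passes ownership checks on root-owned files.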
