[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Review: sect. 4.16.2 of the Securing Debian manual

On Thu, 13 Mar 2003 12:21:44 +0100 Alexander Reelsen wrote:
 
>> "Capabilities" is the next section that I plan to write/rewrite :-) The
>> interesting point about capabilities is that once one of them has been
>> removed, it can not be added back -- so lcap can only remove capabilities,
>> and not add them again. You can have a look at the current section 9.3.2.1
>> of the manual, there is a very short blurb on the subject (with some
>> references)
>Ok. I wasn't sure anymore, whether it is completely impossible to add back
>a capability. Do you have some reference about that? I have something in
>mind about that but I can't remember exactly.

See answer above, some references are already provided in the manual. I'll
add some more when I'll rewrite the capabilities section.

Actually, I wouldn't swear that it is _completely_ impossible to add back a
capability, but noone seems to consider that this is feasible (or maybe
noone cares ? capabilities haven't really been used much)

Frédéric
Reply to: