> Are you sure about the current behaviour? Taking vsftpd as an example, it
> does
>
1 prctl()
2 setuid()
3 setgid()
4 cap_set_proc()
> i.e. it only fiddles with capabilities after dropping euid == 0. Of
> course, someone is welcome to fiddle with capabilities while euid == 0.
Sure this can be done before and after the proposed patch, end results are
the same. The difference would be what the effective caps are at step
3.5.
The point is when doing PR_SET_KEEPCAPS, one would expect not to have my
caps fiddled with at all.
Dax
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/