On Fri, Sep 22, 2000 at 06:44:02PM -0300, Nicolás Lichtmaier wrote:
> That's not true, capabilities can be handled with system calls. A daemon
> may drop all capabilities except the one needed to bind to privileged ports.
> But the daemon would still be run with UID 0, and be able to modify/access
> any root owned file in the system.

Why wouldn't it also change its uid to that of daemon or nobody then? I
assume capabilities are independent of uid?

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

``We reject: kings, presidents, and voting.
  We believe in: rough consensus and working code.''
      -- Dave Clark
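
The combination raised in this exchange, a daemon that keeps only the port-binding capability and also leaves UID 0, as an added example that is not part of the original message. It assumes Linux with the raw capget/capset system calls and PR_SET_KEEPCAPS; the function names and the UID/GID 65534 are hypothetical choices for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Mask holding only CAP_NET_BIND_SERVICE (bind to ports below 1024). */
static uint32_t bind_only_mask(void) { return 1u << CAP_NET_BIND_SERVICE; }

/* Set permitted and effective sets to `mask`; the inheritable set is emptied. */
static int set_caps(uint32_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { mask, mask, 0 }, { 0, 0, 0 } };
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Read back the low 32 bits of this process's effective set. */
static int get_effective(uint32_t *out)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0, 0, 0 }, { 0, 0, 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    *out = data[0].effective;
    return 0;
}

/* Started as root: end as uid/gid holding CAP_NET_BIND_SERVICE and nothing else.
 * Returns 0 on success, -1 (errno set by the failing call) otherwise. */
int drop_to_bind_only(uid_t uid, gid_t gid)
{
    uint32_t eff;
    /* Without this, setuid() away from 0 clears the permitted set too. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;   /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* setuid() cleared the effective set; raise only the bind capability
     * and shrink the permitted set to match. */
    if (set_caps(bind_only_mask()) != 0) return -1;
    /* Verify the result: root must not be recoverable, and the effective
     * set must be exactly the bind capability. */
    if (setuid(0) == 0) return -1;
    if (get_effective(&eff) != 0 || eff != bind_only_mask()) return -1;
    return 0;
}

int main(void) { return drop_to_bind_only(65534, 65534) == 0 ? 0 : 1; }
```

Call it after startup work that needs root and before accepting any input; the retained capability does not survive an exec of another program by an unprivileged UID unless file or ambient capabilities are configured separately.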