Previously Nicolás Lichtmaier wrote: > That's not true, capabilities can be handled with system calls. A daemon > may drop all capabilities except the one needed to bind to privileged ports. > But the daemon would still be ran with UID 0, and be able to modify/access > any root owned file in the system.
Granted. Applications should still be able to run on kernels without capabilities until woody+1 at least imho. I still get bugreports reasonably frequently from people using 2.0 kernels, and I expect people will continue to use them for quite some time. > Capabilities are the future of security in Linux. Capabilities are > supported in the kernel Debian is now shipping with potato. FS support will > surely be one of the first things added to 2.5. I'm not so sure. Actually I'm sure it won't be one of the first things: capabilities will probably be done as part of a more general attributes change, and I don't remember seeing a solid and accepted proposal for that yet. Wichert. -- ________________________________________________________________ / Generally uninteresting signature - ignore at your convenience \ | [EMAIL PROTECTED] http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
