> > That's not true, capabilities can be handled with system calls. A daemon
> > may drop all capabilities except the one needed to bind to privileged ports.
> > But the daemon would still be run with UID 0, and be able to modify/access
> > any root-owned file in the system.
>
> Why wouldn't it also change its uid to that of daemon or nobody then? I
> assume capabilities are independent of uid?
If you change RUID, EUID and SUID to a non-root user, all capabilities are cleared. Besides, this is the way it will be done when capability-enabled filesystems arrive.
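The sequence the reply describes, as an added example that is not part of the original thread: a process started as UID 0 binds a privileged port, sets all three uids (real, effective, saved) to an unprivileged user, and then reads its own capability sets back through the raw capget(2) syscall to show that every bit is gone. It is Linux-only; the port (1023), the target user ("nobody", falling back to uid/gid 65534 if that account does not exist) and the function names are assumptions made for the example. It does not call prctl(PR_SET_KEEPCAPS), so the kernel's default behaviour on a full uid change applies, which is what the reply is talking about.

```c
/* Added example, not from the original thread. Linux only. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <inttypes.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Same layout as the kernel's __user_cap_header_struct / __user_cap_data_struct;
 * defined here so the example does not depend on libcap or kernel headers. */
struct cap_hdr  { uint32_t version; int pid; };
struct cap_data { uint32_t effective, permitted, inheritable; };
#define CAP_VERSION_3 0x20080522u   /* _LINUX_CAPABILITY_VERSION_3: two 32-bit words per set */

/* Read the calling thread's effective and permitted capability masks. */
int read_caps(uint64_t *effective, uint64_t *permitted)
{
    struct cap_hdr hdr = { CAP_VERSION_3, 0 };
    struct cap_data data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    *effective = ((uint64_t)data[1].effective << 32) | data[0].effective;
    *permitted = ((uint64_t)data[1].permitted << 32) | data[0].permitted;
    return 0;
}

/* Bind a TCP socket on 127.0.0.1:<port>. For port < 1024 this needs
 * CAP_NET_BIND_SERVICE, which a UID-0 process holds by default. */
int bind_privileged(int port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons((uint16_t)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    return fd;
}

/* Switch the supplementary groups, all three gids and all three uids to an
 * unprivileged user. Changing real, effective AND saved uid away from 0 is
 * what makes the kernel clear the permitted and effective sets; this example
 * deliberately does not request PR_SET_KEEPCAPS. Returns 0 on success. */
int drop_to_user(const char *name)
{
    uid_t uid = 65534;   /* assumption: fallback if the account is missing */
    gid_t gid = 65534;
    struct passwd *pw = getpwnam(name);
    if (pw) { uid = pw->pw_uid; gid = pw->pw_gid; }
    if (setgroups(0, NULL) != 0)             return -1;
    if (setresgid(gid, gid, gid) != 0)       return -1;
    if (setresuid(uid, uid, uid) != 0)       return -1;
    if (setresuid(0, 0, 0) == 0)             return -1;   /* must be irreversible */
    return 0;
}

/* Whole sequence. Returns 0 when the expected behaviour was observed: either
 * the caller is not root (nothing to demonstrate) or the port was bound, the
 * uids were changed and no capability bit survived the change. */
int demo(int port, const char *user)
{
    uint64_t eff = 0, perm = 0;
    if (geteuid() != 0) {
        fprintf(stderr, "not running as root; skipping privilege-drop demo\n");
        return 0;
    }
    if (read_caps(&eff, &perm) != 0) return -1;
    printf("as root:          CapEff=%016" PRIx64 " CapPrm=%016" PRIx64 "\n", eff, perm);
    int listener = bind_privileged(port);
    if (listener < 0) { perror("bind privileged port as root"); return -1; }
    if (drop_to_user(user) != 0) { perror("drop_to_user"); close(listener); return -1; }
    if (read_caps(&eff, &perm) != 0) { close(listener); return -1; }
    printf("after setresuid:  CapEff=%016" PRIx64 " CapPrm=%016" PRIx64 " (uid %d)\n",
           eff, perm, (int)geteuid());
    /* The socket bound earlier is still ours; a fresh privileged bind is not. */
    int again = bind_privileged(port == 1023 ? 1022 : 1023);
    printf("second privileged bind: %s\n", again < 0 ? strerror(errno) : "succeeded (unexpected unless ip_unprivileged_port_start was lowered)");
    if (again >= 0) close(again);
    close(listener);
    return (eff == 0 && perm == 0) ? 0 : -1;
}

int main(void)
{
    return demo(1023, "nobody") == 0 ? 0 : 1;   /* assumed port and user */
}
```

Run it as root to see both capability masks go to zero after the uid change; as an ordinary user it only reports that there is nothing to show. Two things worth knowing beyond the reply: a process that wants to keep selected capabilities across the uid change can ask for that explicitly with prctl(PR_SET_KEEPCAPS, 1) (permitted bits survive, effective bits are still cleared), and file capabilities set with setcap(8) let a daemon start as a non-root user and still bind a privileged port, which is the arrangement the reply anticipates.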