On Sat, 17 Apr 2010 21:45:57 +0100 David W Noon <dwn...@ntlworld.com> wrote:
> In fact, POSIX capabilities are a mechanism to *reduce* a program's
> permissions, not increase them.

It's true that Linux "capabilities" are used to replace SUID and that does reduce the program's permissions.

On the other hand, programs like Wine, which no one would ever run with SUID, could be run with CAP_NET_RAW. That would be an increase in permissions. Wine needs to be able to ping because some programs need to use IPX[1], like Red Alert 2. Someone has made a patch for Red Alert 2 to use TCP/IP and I cannot think of another program off the top of my head.

That information came from "man 7 capabilities". So I guess it's all about how you look at it.

[1] http://en.wikipedia.org/wiki/Internetwork_Packet_Exchange