> There are several program development tools that are setuid to another user
> that switch back after initiating file activity, and put the resulting file
> in the user's directory.
>
> Some database applications do this also.
>
> Your "patch" violates the assumptions of any program that uses setuid() in
> the POSIX manner.
>
OK, but what should I do? I can't change the assumptions the programmers
make in any case... But I think that support for capabilities - as it is
done in my patch - should be put into the kernel (there are too many
suid-roots...). If you also think that it should be done - please help
me. I don't know how to do it without breaking either security or
POSIX-compatibility...
Michal Kosek