> Anyway, suid is currently not honoured by scripts. It will take
> _years_ before we'll get all tools like tar, cp, nfs, etc. work right
> with capbilities-in-namespace.
Do they all need to be rewritten? For example, the 'cp' program of today
is semantically more like "create a new file, and copy the bits over
from the old file. If I do "cp /etc/passwd ~/passwd" as a regular user,
then the new file is not owned by root, and it may not necessarily have
the same permissions (if my umask is 077, for example).
The question is, is it right (from a philosophical point of view) that
the capabilities are transferred vith the bits, no matter where the bits
end up? Or shouldn't the fact that the 'ping' program has certain
privileges be linked to that it has been installed as a privileged
program in /sbin on a certain machine?
Just my two bits...
Johan Myreen
jem@iki.fi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/