On 17.04.2010 23:32, Jonathan wrote:
On Sat, 17 Apr 2010 21:45:57 +0100
David W Noon <dwn...@ntlworld.com> wrote:
In fact, POSIX capabilities are a mechanism to *reduce* a program's
permissions, not increase them.
It's true that Linux "capabilities" are used to replace SUID and that does
reduce the program's permissions.
On the other hand, programs like Wine, which no one would ever run with SUID,
could be run with CAP_NET_RAW.
That would be an increase in permissions. Wine needs to be able to ping because
some programs need to use IPX[1],
like Red Alert 2. Someone has made a patch for Red Alert 2 to use TCP/IP and I
cannot think of another program off the top of my head.
That information came from "man 7 capabilities". So I guess it's all about how
you look at it.
[1] http://en.wikipedia.org/wiki/Internetwork_Packet_Exchange
Sounds a little like putting someone in prison and then telling him
walking through the prison yard is increasing his freedom.
kh