On Tue, Aug 31, 2004, Nadav Har'El wrote about "Re: I'm not the process you think I am":
> You can try doing this with Linux's little-known "capabilities" feature.
> This allows you to have any user id, but with some of root's capabilities,
> like binding any network address or writing any file (for example)
> magically turned on. For your protection, you can even enable some capabilities
> but not others.

On second thought, while it's easy to have a root (uid 0) owned process with lesser privileges (useful for enhanced security), it's less clear how to use the "capabilities" mechanism to elevate the capabilities of a non-root process. capsetp (controlling another process) might not be allowed on standard kernels; and setuid et al. might clear all the capabilities while changing the uid :(

Please tell us if you find a solution.

-- 
Nadav Har'El | Tuesday, Aug 31 2004, 14 Elul 5764
[EMAIL PROTECTED] |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |From the Linux getopt(3) manpage: "BUGS:
http://nadav.harel.org.il |This manpage is confusing."
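
An added example, not part of the original message: the message notes that setuid may clear capabilities when the uid changes. This sketch shows the start-as-root case only, using `prctl(PR_SET_KEEPCAPS)` (a mechanism the message does not mention) to keep one capability across `setuid()`, and a small parser for the `CapPrm`/`CapEff` lines of `/proc/<pid>/status` to check the result. The function names, the sample status text and uid/gid 65534 are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample of /proc/<pid>/status right after setuid() with
 * keep-caps on: permitted still holds bit 10, effective was cleared. */
static const char SAMPLE_STATUS[] =
    "Uid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000000\n";

/* Return the hex mask of a field such as "CapEff"; 0 if the field is absent. */
uint64_t parse_cap_field(const char *status, const char *field) {
    size_t n = strlen(field);
    while (status && *status) {
        if (strncmp(status, field, n) == 0 && status[n] == ':')
            return strtoull(status + n + 1, NULL, 16);
        status = strchr(status, '\n');
        if (status) status++;
    }
    return 0;
}

/* As root: become uid/gid but keep exactly one capability (least privilege). */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    data[cap / 32].permitted = data[cap / 32].effective = 1u << (cap % 32);
    if (prctl(PR_SET_KEEPCAPS, 1L) != 0) return -1;   /* keep permitted set */
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1;
    /* setuid() cleared the effective set; shrink permitted and re-raise it. */
    return (int)syscall(SYS_capset, &hdr, data);
}

int main(void) {
    char buf[4096] = "";
    const char *src = SAMPLE_STATUS;  /* used when not started as root */
    if (geteuid() == 0 && drop_root_keep_cap(65534, 65534, CAP_NET_BIND_SERVICE) == 0) {
        FILE *f = fopen("/proc/self/status", "r");
        if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); src = buf; }
    }
    printf("uid=%d CapPrm=%#llx CapEff=%#llx\n", (int)getuid(),
           (unsigned long long)parse_cap_field(src, "CapPrm"),
           (unsigned long long)parse_cap_field(src, "CapEff"));
    return 0;
}
```

Started as root, the process should report a non-zero uid with only bit 10 (`CAP_NET_BIND_SERVICE`) set in both masks; started unprivileged, it only decodes the constructed sample.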