On Tue, Aug 09, 2005 at 11:36:00PM +0200, Bodo Eggert wrote: > 1) I wouldn't want an exploited service to gain any privileges, even by > chaining userspace exploits (e.g. exec sendmail < exploitstring). For > most services, I'd like CAP_EXEC being unset (but it doesn't exist).
I intend to add a couple of capabilities which are normally available to all user processes, including capability to exec(), capability to fork() and a couple of others (maybe a capability to perform any kind of write operation, but that seems a bit more difficult to implement). So keep an eye open[#] for future versions of my patch. -- David A. Madore ([EMAIL PROTECTED], http://www.madore.org/~david/ ) [#] On the other hand, I have a strong tendency not to finish anything I start :-( so maybe this is all just vaporware. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/