On Tue, Aug 09, 2005 at 11:36:00PM +0200, Bodo Eggert wrote:
> 1) I wouldn't want an exploited service to gain any privileges, even by
> chaining userspace exploits (e.g. exec sendmail < exploitstring). For
> most services, I'd like CAP_EXEC being unset (but it doesn't exist).
I intend to add a couple of capabilities which are normally available
to all user processes, including capability to exec(), capability to
fork() and a couple of others (maybe a capability to perform any kind
of write operation, but that seems a bit more difficult to implement).
So keep an eye open[#] for future versions of my patch.
--
David A. Madore
([EMAIL PROTECTED],
http://www.madore.org/~david/ )
[#] On the other hand, I have a strong tendency not to finish anything
I start :-( so maybe this is all just vaporware.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
