* Bodo Eggert ([EMAIL PROTECTED]) wrote:
> 1) I wouldn't want an exploited service to gain any privileges, even by
> chaining userspace exploits (e.g. exec sendmail < exploitstring). For
> most services, I'd like CAP_EXEC being unset (but it doesn't exist).

Don't let it exec things it shouldn't. This can be done with namespaces or,
for finer-grained control, that is what something like SELinux is made for.

> 2) There are environments (linux-vserver.org) which limit root to a subset
> of capabilities. I think they might use that feature, too. Of course a
> simple "suid bit" == "all capabilities" scheme won't work there.

IIRC, they effectively use the bounded set as per-context. So it'd not make
any difference there.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
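Added example, not part of the thread: the capability bounding set Chris refers to is the mechanism a service can use to answer the first point itself. Once a capability is dropped from the bounding set, a later exec of a setuid or file-capability binary cannot hand it back, so a chained "exec something privileged" gains nothing the service did not already have. The sample policy (CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_PTRACE) is constructed for illustration; dropping needs CAP_SETPCAP, and the code reports EPERM rather than failing silently when run unprivileged.

```c
#include <errno.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* Is capability `cap` still in this process's bounding set?
   Returns 1 = yes, 0 = no, -1 = error (e.g. EINVAL for an unknown cap). */
int bset_has(int cap) {
    int r = prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
    return r < 0 ? -1 : r;
}

/* Drop each listed capability from the bounding set. Returns how many were
   actually removed; *err receives the first errno seen (EPERM when the caller
   lacks CAP_SETPCAP, EINVAL when the kernel does not know the cap number).
   Dropping a cap that is already absent succeeds, so the call is idempotent. */
int bset_drop_all(const int *caps, size_t n, int *err) {
    int dropped = 0;
    *err = 0;
    for (size_t i = 0; i < n; i++) {
        if (prctl(PR_CAPBSET_DROP, caps[i], 0, 0, 0) == 0)
            dropped++;
        else if (*err == 0)
            *err = errno;
    }
    return dropped;
}

/* Constructed sample policy: a network service that has no business mounting
   filesystems, loading kernel modules or tracing other processes. */
static const int denied_caps[] = { CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_PTRACE };
static const size_t denied_n = sizeof denied_caps / sizeof denied_caps[0];

int main(void) {
    int err;
    int n = bset_drop_all(denied_caps, denied_n, &err);
    printf("dropped %d of %zu from the bounding set (errno %d)\n", n, denied_n, err);
    for (size_t i = 0; i < denied_n; i++)
        printf("cap %d still in bounding set: %d\n", denied_caps[i], bset_has(denied_caps[i]));
    /* Anything exec'd from here on, setuid or not, is limited to what remains. */
    return 0;
}
```

Run it as root (or with CAP_SETPCAP) to see the caps disappear; as an ordinary user it reports EPERM and the bounding set is left untouched.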