[rsbac] AUTH capabilities

Pallai Roland rsbac@rsbac.org
Mon Nov 11 10:29:28 2002

Previous message: [rsbac] Kernel oops
Next message: [rsbac] AUTH capabilities
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

 description of the AUTH capabilities said:
 " These are ranges of user IDs, which this program may use in a
CHANGE_OWNER (setuid) request. The capabilities are inherited to the
process running the program. "

 and why can't restrict seteuid() requests? cap_setuid capability in
this way same as cap_dac_override after seteuid(0)..  I know a solution,
but a big overhead to set and force restricted roles aganist seteuid(0)
for processes with cap_setuid and restricted AUTH capabilities.. much
easiest way would be to restrict seteuid() as setuid(), and entrust all
permission checking to linux DAC..


please send a CC to me,
--
 DaP

Previous message: [rsbac] Kernel oops
Next message: [rsbac] AUTH capabilities
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]