Re: Is this mail list dead?
On Mon, Mar 12, 2001 at 09:59:07PM -0800, Crispin Cowan wrote:
> Until you have a file system that supports extended attributes so as to store
> capability bits (i.e. "SUID privileged port bit" instead of "SUID root") then you
> need to require root to allow the application to set its own capabilities. This
> is an improvement over requiring root to bind to ports, but you still are
> depending on the program to correctly drop privs.
I've been playing with LIDS and I believe it does this perfectly and
without filesystem support.
--
Tracy Reed http://www.ultraviolet.org
-
Securedistros: A common list for all secured Linux distributions
Archive: http://humbolt.nl.linux.org/lists/