Capabilities bounding set oddities?
BIONDI Philippe
Philippe.BIONDI at enst-bretagne.fr
Mon Jan 31 22:47:37 CST 2000
Hi all!
Why does removing CAP_SYS_RAWIO from the cap_bset prevent anyone from mapping a
raw block device but not protect it from reading or writing?
Why does removing CAP_NET_ADMIN prevent anyone from altering firewall rules but
not prevent a simple echo 0> /proc/sys/net/ip_forward, or any other
sysctl?
--
Philippe Biondi
Systems administrator
Webmotion Inc.
http://www.webmotion.net
mailto:philippe.biondi at webmotion.net
Fax. (613) 260-9545
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo at vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/