[mythtv] [PATCH] security update for realtime priority
Doug Larrick
doug at ties.org
Wed Nov 3 11:39:18 UTC 2004
Matt Zimmerman wrote:
> The entire point of capabilities is to be able to drop root, while retaining
> certain privileges. Something must not be right.
I've done some searching and reading, and come to the conclusion that nk
you're mistaken. Read
http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
-- in particular the text around "Normally all capabilities are cleared
when changing uid from root." My understanding is that capabilities are
used to restrict the things an otherwise-priveleged process can do.
This interpretation agrees with the behavior I've observed.
It also appears that the POSIX capabilities standard was withdrawn, so
this is indeed a Linux-only (or Linux-mostly) feature. So it does
appear this implementation should be a settings.pro option, on by
default for only Linux (or only Debian? -- depends how many distros have
libcap1).
-Doug
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://mythtv.org/pipermail/mythtv-dev/attachments/20041103/5c0e09f7/signature.pgp
More information about the mythtv-dev
mailing list