On Friday 31 October 2008 21:41:50 Chris Adams wrote:
Would it be possible to implement capabilities in a backwards
compatible
fashion? For example, still have e.g. /bin/ping setuid-root, but also
have capabilities assigned, and have the capabilities override
setuid-root (if capabilities are assigned the setuid/setgid bits are
ignored).
This is an interesting idea. I haven't tested to see which one overrides, but
I think this would be a good backwards compatible solution. Might take a
kernel patch to fix, but worth looking into.
Thanks,
-Steve