On Sun, 9 Nov 2003, Andrey Borzenkov wrote:

> On Wednesday 05 November 2003 14:57, [EMAIL PROTECTED] wrote:
> > kernel-desktop can have all the preempt stuff and other things (setpcap?)
> > you do not want to have on your server.
> 
> Actually, capabilities are exactly for servers, for all I can say. It allows you 
> to run services with reduced privileges thus reducing the possible intrusion 
> impact.


setpcap? What I remember from discussions about it is that it is not 
secure. It is a one-line patch, so why was it never included in 2.4?
It allows processes to inherit privileges, and I think the reason it is 
frowned upon is that it is a bit too powerful and it becomes easy for an app to 
screw things up.

d.


