Package: manpages
Version: 2.39-1
Severity: normal
Tags: patch

The capabilities(7) manpage states:

    A full implementation of capabilities requires:

    2. that the kernel provide system calls allowing a thread’s capability sets to be changed and retrieved.
    3. file system support for attaching capabilities to an executable file, so that a process gains those capabilities when the file is execed.

Clearly an item is missing. The missing item is:

    1. that for all privileged operations, the kernel check whether the process has the required capability in its effective set.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- no debconf information

--- man-pages-2.39/man7/capabilities.7 2006-08-03 10:58:08.000000000 -0300 +++ man-pages-2.39-new/man7/capabilities.7 2007-12-20 03:01:07.000000000 -0200 @@ -379,7 +379,10 @@ kernel version 2.2.11. .SS Current and Future Implementation A full implementation of capabilities requires: - +.IP 1. 4 +that for all privileged operations, +the kernel check whether the thread has the required +capability in its effective set. .IP 2. 4 that the kernel provide system calls allowing a thread's capability sets to
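
Review bot: the added item 1 reads "the kernel check whether the thread has the required capability", while the wording proposed in the report body says "the process". "Thread" agrees with the existing item 2 ("a thread's capability sets"), so the patch text is the consistent choice, but the report and the patch should say the same thing; suggest correcting the report wording or stating that "thread" was chosen to match item 2. The removed blank line after "A full implementation of capabilities requires:" is fine, since the new ".IP 1. 4" supplies the paragraph break.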