On Wednesday 09 Jul 2003 6:26 pm, you wrote:
> On Wed, Jul 09, 2003 at 06:21:06PM +0100, Richard Urwin wrote:
> > The technology is coming, but is not quite ready.
>
> It's been in the kernel for ages, I think - when *is* it going to be
> ready?

I read up on it the last time you mentioned it. It looks like there's a big hole in it that lets an exploit get all capability bits. It shouldn't be too hard to write a little program that set things up and then forked bash, and enabling it is only a matter of recompiling the kernel, but without a fix you'd be laying yourself open to the exploit. Nothing seems to have been mentioned about it since kernel 2.2; I wonder if anyone is working on it. If not, then is nobody interested, or is the prevailing wisdom that it is a dead-end?

--
Richard Urwin