I think that the current behaviour of capability inheritance across exec() is not optimal.
The current behaviour consists in all effective and permitted capabilities are cleared across a exec(). This is because it seems to be intended that in the future the executable files have a set of "allowed" and "forced" capabilities. If a capability is not allowed, it is not permitted in an inherited process. But at pressent, there is no attribute of "allowed" capabilities in the filesystem, and the behaviour is that no capability is allowed. I request to change this behaviour. By default all capabilities should be allowed, that is, inherited across exec(). This is neccessary to protect a daemon without changing its source. With the requested behaviour, it would be posible to launch a daemon intented to run as root, as an unpriviledged user but with the neccessary capabilities, by using a script or program that changes the uid and the capabilities and then launches the daemon. Thus the present behaviour of no "allowed" capabilities pretends to be more secure, but is actually less secure. By default, all parent priviledges should be inherited, because this allows one to create programs and scripts that execute daemons or other programs in a restricted environment. I am modifying kernel source for our own setup. I think others should ---------------------------------------------- Ramon Garcia Fernandez Kotasoft, your experts in Linux consulting ---------------------------------------------- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/