"Serge E. Hallyn" <[EMAIL PROTECTED]> writes: > Quoting Olaf Dietsche ([EMAIL PROTECTED]): >> This patch implements filesystem capabilities. It allows to >> run privileged executables without the need for suid root. >> >> Changes: >> - updated to 2.6.23 >> - fix const correctness >> - fix secureexec [...] > given that file capabilities are now in 2.6.23, could you explain the > benefits of this version? Should we consider switching it out for > yours?
It's just another version, works without xattr and, most important: it's mine :-) > If we stick with the current upstream file capabilities patch, should we > port your SECURE_HACK to it? I actually thought that fixing > bprm_secure_exec() sufficed? Fixing bprm_secure_exec() is sufficient. SECURE_HACK is just a leftover, when there was no AT_SECURE and accordingly libc (< 2.3.6) ignored bprm_secure_exec(). Regards, Olaf. - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
