[cap-talk] More Heresey: ACLs not inherently bad
Raoul Duke
raould at gmail.com
Thu Oct 2 13:37:21 CDT 2008
> If the compiler uses setuid to run as the user, it can't update billing file. If it runs as itself, it will clobber the billing file with the output.
right -- so that seems to me to make the benefits gained from
auto-inferring-capabilities not all that more exciting than just
making programs setuid as the user invoking them. assuming correct
implementations of those approaches, the compiler can only overwrite
the billing file if the user has that ability.
maybe, however, there are programs which would want to be more than
setuid as the user or something, making caps better? but then if it
had some super cap the user didn't have that would be dangerous. so
i'm not yet sure how auto-inferring is great. well, other than to say
"we can do with caps what we already understand as familiar with
setuid-as-invoking-user programs." which is a fine thing to say.
sincerely.
More information about the cap-talk
mailing list