[mythtv] [PATCH] security update for realtime priority

Isaac Richards ijr at po.cwru.edu
Sat Nov 13 22:49:58 UTC 2004


On Wednesday 03 November 2004 06:39 am, Doug Larrick wrote:
> Matt Zimmerman wrote:
> > The entire point of capabilities is to be able to drop root, while
> > retaining certain privileges.  Something must not be right.
>
> I've done some searching and reading, and come to the conclusion that
> you're mistaken.  Read
> http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
> -- in particular the text around "Normally all capabilities are
> cleared when changing uid from root."  My understanding is that
> capabilities are used to restrict the things an otherwise-privileged
> process can do. This interpretation agrees with the behavior I've observed.
>
> It also appears that the POSIX capabilities standard was withdrawn, so
> this is indeed a Linux-only (or Linux-mostly) feature.  So it does
> appear this implementation should be a settings.pro option, on by
> default for only Linux (or only Debian? -- depends how many distros have
> libcap1).

So, the version of the patch that was posted shouldn't be applied?

Isaac
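
The uid-change behaviour discussed in this thread, as an added example that is not part of the original message or of the MythTV patch: on Linux, setuid() away from root clears all capabilities unless PR_SET_KEEPCAPS is set first, and even then the effective set is cleared and has to be raised again with capset(). The function names drop_root_keep_cap and only_cap are hypothetical, and the caller is assumed to pass an unprivileged uid/gid and a capability such as CAP_SYS_NICE (the one realtime scheduling needs).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <grp.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <linux/capability.h>

enum { DROP_OK = 0, DROP_FAILED = -1, DROP_NOT_ROOT = -2 };

/* Fill both 32-bit capability words so that only `cap` is permitted and
 * effective; nothing is inheritable. */
void only_cap(struct __user_cap_data_struct d[2], int cap)
{
    memset(d, 0, 2 * sizeof d[0]);
    d[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
}

/* Switch from root to uid/gid while keeping a single capability. */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];

    if (geteuid() != 0)
        return DROP_NOT_ROOT;               /* nothing to drop */
    /* Without this flag the kernel clears every capability on setuid(). */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0)
        return DROP_FAILED;
    /* Order matters: supplementary groups and gid first, then uid. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;
    /* The permitted set survived but the effective set was cleared.
     * Shrink permitted to `cap` alone and raise it as effective again. */
    only_cap(data, cap);
    if (syscall(SYS_capset, &hdr, data) != 0)
        return DROP_FAILED;
    prctl(PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L);
    /* Confirm that root cannot be regained. */
    if (setuid(0) == 0)
        return DROP_FAILED;
    return DROP_OK;
}
```

A daemon would call this once at startup, before creating threads, because capability sets and PR_SET_KEEPCAPS are per-thread attributes.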

