> This is a change which must be discussed. The use of this
> privilege can be completely prevented by having init remove
> CAP_GRANT_ID from its capability bounding set before forking any
> processes.

Which is a minor back compat issue - but you could start without it and
allow init to add it.

It seems a very complex interface to do a simple thing. A long time ago
there was discussion around extending the AF_UNIX fd passing to permit
'pass handle and auth' so you could send someone a handle with a "become
me" token attached.

Alan