On Sat, 23 May 2015, Serge Hallyn wrote: > > You cannot use pA to try to subvert a setuid, setgid, or file-capped > > program: if you execute any such program, pA gets cleared and the > > resulting evolution rules are unchanged by this patch. > > Christoph, just to be sure, is this ^ going to suffice for you? > > Seems like it should since any program which is setuid-root, i.e. > passwd, isn't likely to be designed to exec other programs. Yes that should work. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
