On Thu, Jan 12, 2012 at 4:57 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Thu, Jan 12, 2012 at 4:42 PM, Andrew Lutomirski <luto@xxxxxxx> wrote:
>>
>> That may prevent another use: set this new flag, chroot, drop
>> privileges, accept network connections. (The idea being that chroot
>> might work unprivileged if this flag is set.)
>
> Well, if you have privileges, then just do
>
>   chroot();
>   drop privileges
>
> and if you depend on the new flag, then you do
>
>   drop privileges
>   set new flag
>   chroot
>
> and if you want to work either way then you just do
>
>   error = chroot
>   drop privileges
>   set new flag
>   if error
>     chroot
>
> which does the right thing regardless of whether you had privileges
> and/or a new kernel or not.
>
> In any of the three cases I don't see why you'd ever want to drop
> privileges *after* setting the new flag.

Hmm... What if you're a daemon that needs something like CAP_NET_BIND
but also wants to be able to run other helpers without CAP_NET_BIND?

(Also, preventing dropping of privileges will probably make a patch
more complicated -- I'll have to find and update all the places that
allow dropping privileges.)

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
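The "work either way" ordering Linus sketches above (try chroot, drop privileges, set the flag, retry chroot only if the first attempt failed), written out as an added example; it is not code from the thread or from the patch series under discussion. It assumes the "new flag" is what later merged as prctl(PR_SET_NO_NEW_PRIVS), that 65534 is an unprivileged uid/gid, and that /var/empty exists as an empty directory. The ordering logic is separated from the kernel calls so the same function can be run against the real kernel (main) or against a small simulated kernel; the simulation encodes Andy's hypothetical from the quoted message (unprivileged chroot allowed once the flag is set), which is not how the mainline kernel behaves, purely so the four combinations of privileged/unprivileged and old/new kernel can be exercised offline.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/types.h>

/* Assumption: "the new flag" is what merged as PR_SET_NO_NEW_PRIVS (value 38). */
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif

/* The three kernel interactions the sequence needs, abstracted so the same
 * ordering logic can run against the real kernel or a simulated one. */
struct sandbox_ops {
    int (*do_chroot)(void *ctx, const char *dir);
    int (*drop_privs)(void *ctx, uid_t uid, gid_t gid);
    int (*set_flag)(void *ctx);
    void *ctx;
};

/* Linus's "work either way" ordering:
 *   error = chroot; drop privileges; set new flag; if error, chroot again.
 * Returns 0 once the process is chrooted and unprivileged, -1 otherwise. */
int enter_sandbox(const struct sandbox_ops *ops, const char *dir, uid_t uid, gid_t gid)
{
    int err = ops->do_chroot(ops->ctx, dir);     /* EPERM here if we are unprivileged */
    if (ops->drop_privs(ops->ctx, uid, gid) != 0)
        return -1;                               /* never carry on half-privileged */
    (void)ops->set_flag(ops->ctx);               /* old kernel: EINVAL, nothing to do */
    if (err != 0)
        err = ops->do_chroot(ops->ctx, dir);     /* retry now that the flag is set */
    return err;
}

/* --- real kernel --- */
static int real_chroot(void *ctx, const char *dir)
{
    (void)ctx;
    if (chroot(dir) != 0)
        return -1;
    return chdir("/");                           /* otherwise cwd still points outside the jail */
}
static int real_drop(void *ctx, uid_t uid, gid_t gid)
{
    (void)ctx;
    if (getuid() == 0 && setgroups(0, NULL) != 0)
        return -1;                               /* supplementary groups would keep root's groups */
    if (setresgid(gid, gid, gid) != 0)           /* gid first: after setresuid we can no longer change it */
        return -1;
    return setresuid(uid, uid, uid);             /* all three ids, so the saved uid cannot regain root */
}
static int real_flag(void *ctx)
{
    (void)ctx;
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* --- simulated kernel (constructed for this example) --- */
struct sim_kernel {
    int privileged;   /* process starts with CAP_SYS_CHROOT */
    int has_flag;     /* kernel understands the new flag */
    int flag_set;
    int chrooted;
    char trace[64];   /* order of calls, for checking */
};
static int sim_chroot(void *ctx, const char *dir)
{
    struct sim_kernel *k = ctx;
    (void)dir;
    strcat(k->trace, "chroot;");
    /* Andy's hypothetical: unprivileged chroot allowed once the flag is set. */
    if (k->privileged || k->flag_set) { k->chrooted = 1; return 0; }
    errno = EPERM;
    return -1;
}
static int sim_drop(void *ctx, uid_t uid, gid_t gid)
{
    struct sim_kernel *k = ctx;
    (void)uid; (void)gid;
    strcat(k->trace, "drop;");
    k->privileged = 0;
    return 0;
}
static int sim_flag(void *ctx)
{
    struct sim_kernel *k = ctx;
    strcat(k->trace, "flag;");
    if (!k->has_flag) { errno = EINVAL; return -1; }
    k->flag_set = 1;
    return 0;
}
/* Run the sequence against a simulated kernel with the given starting state. */
int sim_run(int privileged, int has_flag, struct sim_kernel *k)
{
    memset(k, 0, sizeof *k);
    k->privileged = privileged;
    k->has_flag = has_flag;
    struct sandbox_ops ops = { sim_chroot, sim_drop, sim_flag, k };
    return enter_sandbox(&ops, "/var/empty", 65534, 65534);
}

int main(int argc, char **argv)
{
    struct sandbox_ops ops = { real_chroot, real_drop, real_flag, NULL };
    const char *dir = argc > 1 ? argv[1] : "/var/empty";   /* assumed empty directory */
    uid_t uid = getuid() == 0 ? 65534 : getuid();          /* 65534 (nobody) is an assumption */
    int rc = enter_sandbox(&ops, dir, uid, uid);
    printf("enter_sandbox: %s (errno %d)\n", rc == 0 ? "ok" : "failed", rc ? errno : 0);
    return rc ? 1 : 0;
}
```

Run as root and the trace is chroot, drop, flag: the first chroot succeeds and the retry never happens. Run unprivileged on a kernel that honours the flag the way the hypothetical assumes and the trace is chroot, drop, flag, chroot: the first chroot fails with EPERM and the second succeeds. Either way the privilege drop sits before the flag, which is the ordering the quoted message argues for; the case it does not cover is the one Andy raises in reply, a daemon that must keep a capability such as CAP_NET_BIND after the flag is set, since here drop_privs gives up everything.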