Hello Yubin, On 10 October 2017 at 15:48, Yubin Ruan <ablacktshirt@xxxxxxxxx> wrote: > Hi, > In ld.so(8), when explaining whether a process is in the so-called > "secure execution mode", there are three circumstances: > > * The process's real and effective user IDs differ, or the real and > effective group IDs differ. This typically occurs as a result of > executing a set-user-ID or set-group-ID program. > > * A process with a non-root user ID executed a binary that conferred > permitted or effective capabilities. > > * A nonzero value may have been set by a Linux Security Module. > > I am confused with the second circumstance. What does it mean by > "confer permitted or effective capabilities"? Maybe this is a language issue. Doe it make more sense as: " A process with a non-root user ID executed a binary that conferred capabilities to the process's permitted or effective capability set." ? Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Linux/UNIX System Programming Training: http://man7.org/training/ -- To unsubscribe from this list: send the line "unsubscribe linux-man" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
