Thanks Michael,

2017-10-11 0:58 GMT+08:00 Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx>:
> Hello Yubin,
>
> On 10 October 2017 at 15:48, Yubin Ruan <ablacktshirt@xxxxxxxxx> wrote:
>> Hi,
>> In ld.so(8), when explaining whether a process is in the so-called
>> "secure execution mode", there are three circumstances:
>>
>> * The process's real and effective user IDs differ, or the real and
>>   effective group IDs differ. This typically occurs as a result of
>>   executing a set-user-ID or set-group-ID program.
>>
>> * A process with a non-root user ID executed a binary that conferred
>>   permitted or effective capabilities.
>>
>> * A nonzero value may have been set by a Linux Security Module.
>>
>> I am confused with the second circumstance. What does it mean by
>> "confer permitted or effective capabilities"?
>
> Maybe this is a language issue. Does it make more sense as:
>
> " A process with a non-root user ID executed a binary that conferred
> capabilities to the process's permitted or effective capability set."

Yes this makes more sense. But I am still confused with why this is. I
mean, "a binary that conferred capabilities to the process's permitted
or effective capability set", is a very very normal scenario. What
does it really mean by "the process's permitted or effective
capability set"? For me, that is just _any_ capability set, which is
not that rational...

Yubin
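The three circumstances quoted from ld.so(8) above can be inspected from inside a running process. The following is an added example, not part of the original message or of the man page: it reads `AT_SECURE` with `getauxval(3)`, compares the real and effective IDs, and reads `CapPrm`/`CapEff` from `/proc/self/status`. The names `classify`, `read_cap` and `enum reason` are hypothetical, and the capability branch is a heuristic, since IDs and capability sets can change after `execve` while `AT_SECURE` is fixed at exec time.

```c
#define _GNU_SOURCE
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <unistd.h>

enum reason { NOT_SECURE, IDS_DIFFER, CAPS_CONFERRED, OTHER };

/* Hypothetical helper: map the observed state onto the three
 * circumstances listed in ld.so(8). OTHER covers e.g. an LSM. */
enum reason classify(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                     uint64_t prm, uint64_t eff, unsigned long at_secure)
{
    if (!at_secure) return NOT_SECURE;
    if (ruid != euid || rgid != egid) return IDS_DIFFER;
    if (ruid != 0 && (prm | eff) != 0) return CAPS_CONFERRED; /* heuristic */
    return OTHER;
}

/* Read a hex capability mask such as "CapPrm:" from /proc/self/status. */
int read_cap(const char *key, uint64_t *out)
{
    char line[256];
    size_t klen = strlen(key);
    int rc = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        if (strncmp(line, key, klen) == 0 &&
            sscanf(line + klen, "%" SCNx64, out) == 1)
            rc = 0;
    fclose(f);
    return rc;
}

int main(void)
{
    static const char *names[] = { "not in secure-execution mode",
        "real/effective IDs differ", "capabilities conferred", "other (e.g. LSM)" };
    uint64_t prm = 0, eff = 0;
    if (read_cap("CapPrm:", &prm) || read_cap("CapEff:", &eff)) return 1;
    unsigned long s = getauxval(AT_SECURE);
    printf("AT_SECURE=%lu CapPrm=%016" PRIx64 " CapEff=%016" PRIx64 ": %s\n", s,
           prm, eff, names[classify(getuid(), geteuid(), getgid(), getegid(), prm, eff, s)]);
    return 0;
}
```

Run as an ordinary user from a shell, this normally reports `AT_SECURE=0` with both masks zero.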