Bugtraq mailing list archives

Re: local root on linux 2.2.15


From: rwatson () FREEBSD ORG (Robert Watson)
Date: Sun, 18 Jun 2000 13:13:22 -0400


On Friday, a capabilities workshop was held at SGI in Mountain View, with
attendees from the Trusted IRIX, Linux, and FreeBSD worlds.  Part of our
work was to try and clarify issues in the draft specifications, and agree
on semantics for interaction between uid security models and capability
security models.  I would consider the workshop a great success, and would
like to remind people that there is a mailing list for the discussion of
the POSIX.1e spec (and related issues).  You can subscribe by sending
email to majordomo () cyrus watson org.

I'd also like to remind people that portable APIs do exist for
manipulating capability sets, and that using them results in portability
across platforms :-).  Please, wherever possible, use those APIs.  I
believe they exist in Linux in libcap.  In FreeBSD, they're in libposix1e
as of 5.0-CURRENT (some aspects are still being committed).  As they were
actually designed with opaque implementations in mind, they make it easy
to avoid type-based errors in malloc, have well-defined error modes, etc.

  Robert N M Watson

robert () fledge watson org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

