Florian Weimer wrote:
* Alessandro Selli:
CAP_DAC_OVERRIDE is root-equivalent only as far as the DAC is
concerned.
This is incorrect.
Is capabilities(7) man page incorrect?
CAP_DAC_OVERRIDE
Bypass file read, write, and execute permission checks.
(DAC is
an abbreviation of "discretionary access control".)
Is linux/include/uapi/linux/capability.h incorrect?
/* Overrides all DAC restrictions regarding read and search on files
and directories, including ACL restrictions if [_POSIX_ACL] is
defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */
What else does this capability allow a process to do?
--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiave firma PGP/GPG signing key: B7FD89FD
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
