Mailinglist Archive: opensuse (1395 mails)
| < Previous | Next > |
[opensuse] Re: Should openSUSE review it's Security Policies?
- From: Jim Henderson <hendersj@xxxxxxxxx>
- Date: Thu, 1 Mar 2012 19:53:51 +0000 (UTC)
- Message-id: <jiok4f$aj1$2@dough.gmane.org>
On Thu, 01 Mar 2012 14:52:43 +0100, Per Jessen wrote:
program (perhaps also an external process can do this - that I don't
know) disables what the program shouldn't be allowed to do.
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
Well, maybe start with "man capabilities". I think that is where I saw
CAP_NET_BROADCAST mentioned. I have never played with any of this, but
my understanding is that you can manage various capabilities on a
per-process or per-user basis. I'm grasping at straws, but I'm sure
somebody here will have an actual understanding of this.
From what I understand, kernel capabilities are disabled selectively -you start a program as root and it has access to everything, and then the
program (perhaps also an external process can do this - that I don't
know) disables what the program shouldn't be allowed to do.
Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
| < Previous | Next > |