[Bug 34770] dapper kernel breaks capabilities
Martin Pitt
martin.pitt at ubuntu.com
Mon Mar 13 15:31:25 UTC 2006
Public bug reported:
https://launchpad.net/malone/bugs/34770
Affects: linux-source-2.6.15 (Ubuntu)
Severity: Normal
Priority: (none set)
Status: Unconfirmed
Description:
cap_set_proc() just returns EPERM with the Dapper kernel:

  $ gcc -o capability capability.c -lcap
  $ sudo ./capability
  cap_set_proc: Operation not permitted

This breaks various derooting patches so that daemons run with more
privileges than required. Even worse, daemons which just rely on
dropping capabilities without carefully checking whether they can
perform cap_set_proc() might just break completely.
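
Added example, not part of the original report and not the capability.c it mentions: a fail-closed capability drop for the daemon case described above, which checks the kernel's answer and then reads the sets back. It assumes a current kernel with the v3 capability ABI and calls capset(2) directly (the system call behind libcap's cap_set_proc()) so that it builds without -lcap; read_caps() and drop_caps_checked() are hypothetical names.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read this process's effective and permitted sets as 64-bit masks. */
static int read_caps(uint64_t *eff, uint64_t *perm)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    if (syscall(SYS_capget, &hdr, d) != 0)
        return -1;
    *eff  = ((uint64_t)d[1].effective << 32) | d[0].effective;
    *perm = ((uint64_t)d[1].permitted << 32) | d[0].permitted;
    return 0;
}

/* Drop everything outside keep_mask. Returns 0 only if the kernel accepted
 * the change AND a read-back shows nothing outside keep_mask remains. */
int drop_caps_checked(uint64_t keep_mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3] = {{0}};
    uint64_t eff, perm, want;

    if (read_caps(&eff, &perm) != 0)
        return -1;
    want = perm & keep_mask;            /* never ask for more than we hold */
    d[0].effective = d[0].permitted = (uint32_t)want;  /* inheritable: empty */
    d[1].effective = d[1].permitted = (uint32_t)(want >> 32);

    if (syscall(SYS_capset, &hdr, d) != 0)
        return -1;                      /* e.g. the EPERM seen in this report */
    if (read_caps(&eff, &perm) != 0 || ((eff | perm) & ~keep_mask) != 0)
        return -1;                      /* the drop did not take effect */
    return 0;
}

int main(void)
{
    if (drop_caps_checked(1ULL << CAP_NET_BIND_SERVICE) != 0) {
        fputs("capability drop failed, refusing to continue\n", stderr);
        return 1;                       /* fail closed, keep no extra privilege */
    }
    puts("capabilities reduced");
    return 0;
}
```

A daemon would call drop_caps_checked() once after acquiring its privileged resources and exit on any non-zero return, rather than continuing with its original privileges.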