linux capable( ) security

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

linux capable() grants PF_SUPERPRIV to the calling process whenenver
the calling process checks a for a specific capability.  Will this
create a security hole? for example, a process that is allowed to
create device node (CAP_MKNOD), can gain PF_SUPERPRIV after calling
capable(), and can then perform admin operations?


Site Timeline