Maybe the first appearance of this beautiful verb in the linux kernel?
Posted Sep 16, 2012 13:56 UTC (Sun) by nix (subscriber, #2304)
Posted Oct 4, 2012 8:47 UTC (Thu) by oak (guest, #2786)
Maybe the name could be CAPS_UNSECURED_BOOT, CAPS_ALLOW_UNLOCK, CAPS_DRM_UNLOCKED...?
Btw. Regarding this comment in the article:
"they vary from CAP_DAC_OVERRIDE (able to override file permissions) to CAP_NET_BIND_SERVICE (can bind to a low-numbered TCP port) to CAP_SYS_ADMIN (can do a vast number of highly privileged things)"
IMHO the most annoyingly ambivalent capability is CAP_SYS_PTRACE. Many low level developer tools need it, whether it's question of ptrace() calls (Gdb, strace...) which can modify the attached process *or* just reading process maps & smaps files from proc/ to find out processes real memory usage.
Latter restriction is especially frustrating because memory usage information is something that even normal user may need access to, to find out what process in his/her system is making it to crawl, or to provide information about that to a developer (using some tool suitable for that).
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds