Completing the pidfd API
Completing the pidfd API
Posted Aug 2, 2019 9:14 UTC (Fri) by flussence (guest, #85566)In reply to: Completing the pidfd API by mezcalero
Parent article: Completing the pidfd API
We should probably replace CAP_SYS_ADMIN programs (e.g. ffmpeg kmsgrab without running explicitly as root) with IPC first. setuid is less subversive, as at least it's visible in ls.