Replace uid==0 tests with capability checks
Jim Knoble
jmknoble at pobox.com
Thu Mar 19 10:27:58 EST 2009
On 2009-03-18 10:08, Corinna Vinschen wrote:
: Is there any chance this [the below] can be discussed at one point?
I'm all for it.
: On Mar 11 09:26, Corinna Vinschen wrote:
: > What's still missing in OpenSSH is code which abstracts the idea of the
: > root user to the idea of a user with certain privileges. [...]
: > the hardcoded checks for uid == 0 don't
: > make sense or rather, are too bulky in a couple of environments.
[...]
: > openssh should have checks along the lines of
: >
: > if (uid_has_capability (getuid (), CAP_foo_bar))
: > do_foo_bar ();
: > else
: > EEEEK!
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
More information about the openssh-unix-dev
mailing list