|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH v2 3/4] Add cap reduction support to enable use as SUID |
Date: | Mon, 24 Oct 2011 14:21:05 -0500 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Lightning/1.0b2 Thunderbird/3.1.13 |
On 10/24/2011 02:13 PM, Corey Bryant wrote:
Right, it's not desirable, but isn't that the best we can do without libcap or FS capabilities?I think the best we can do is not let it run in those cases. :) I'd like see if others in the community have an opinion on this though.
IMHO, it should work as an setuid binary maintaining root privileges. As long as it's a small binary (which it is) and is easy to audit, it should be safe.
Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |