Scope and Using devices

Joe Shaw joeshaw at
Tue Jun 1 13:25:05 PDT 2004

On Tue, 2004-06-01 at 15:54 -0400, Robert Love wrote:
> Apps can run as setuid root, drop all capabilities but the requested
> one(s), and then set their uids to the running (or any arbitrary) user.
> This can be done as the very first lines of code in the program,
> providing effectively the same results as if the filesystem supported
> capabilities.
> Joe and I have some test code that does the above.  It works.
> This leaves the onus of solving the access control problem on the core
> OS, where it belongs.

Here is some example code.  Note that /tmp/foo1 and /tmp/foo2 are owned
by root and 0644.  To build: "gcc -o testcaps testcaps.c -lcap".

-------------- next part --------------
A non-text attachment was scrubbed...
Name: testcaps.c
Type: text/x-csrc
Size: 1970 bytes
Desc: not available
Url :