At present, we simply fake success for capset(2). However, like mknod(2), some uses of capset(2) are privileged and others are unprivileged. We could let through the unprivileged calls.
Figuring out what is privileged and what isn’t is quite a bit more complicated, though, and it requires dereferencing struct pointers.
At present, we simply fake success for
capset(2)
. However, likemknod(2)
, some uses ofcapset(2)
are privileged and others are unprivileged. We could let through the unprivileged calls.Figuring out what is privileged and what isn’t is quite a bit more complicated, though, and it requires dereferencing struct pointers.