2010/12/21 Miloslav Trmač mitr@volny.cz:
If an attacker were controlling a process running with uid 0 and no capabilities at all, and /bin/sh were 0555, nothing prevents the attacker from chmod()ing /bin/sh to 0755 and overwriting it. This makes any attempts to change the file permissions rather pointless.
Ah, of course. That makes sense, thanks!
But it leaves me feeling pretty uncertain about the value of trying to subset capabilities...