On Tue, 9 Aug 2005, Chris Wright wrote:
> * Bodo Eggert ([email protected]) wrote:
> > Chris Wright <[email protected]> wrote:
> > > * David Madore ([email protected]) wrote:
> > >> * Second, a much more extensive change, the patch introduces a third
> > >> set of capabilities for every process, the "bounding" set. Normally
> > >
> > > this is not a good idea. don't add more sets. if you really want to
> > > work on this i'll give you all the patches that have been done thus far,
> > > plus a set of tests that look at all the execve, ptrace, setuid type of
> > > corner cases.
> >
> > How are you going to tell processes that may exec suid (or set-capability-)
> > programs from those that aren't supposed to gain certain capabilities?
>
> typically you'd expect exec suid will reset to full caps.
ACK, but
1) I wouldn't want an exploited service to gain any privileges, even by
chaining userspace exploits (e.g. exec sendmail < exploitstring). For
most services, I'd like CAP_EXEC being unset (but it doesn't exist).
2) There are environments (linux-vserver.org) which limit root to a subset
of capabilities. I think they might use that feature, too. Off cause a
simple "suid bit" == "all capabilities" scheme won't work there.
--
"Just because you are paranoid, do'nt mean they're not after you."
-- K.Cobain
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |