* Bodo Eggert ([email protected]) wrote:
> 1) I wouldn't want an exploited service to gain any privileges, even by
> chaining userspace exploits (e.g. exec sendmail < exploitstring). For
> most services, I'd like CAP_EXEC being unset (but it doesn't exist).
Don't let it exec things it shouldn't. This can be done with namespaces
or for finer-grained, that is what smth like SELinux is made for.
> 2) There are environments (linux-vserver.org) which limit root to a subset
> of capabilities. I think they might use that feature, too. Off cause a
> simple "suid bit" == "all capabilities" scheme won't work there.
IIRC, they effectively use the bounded set as per-context. So it'd not
make any difference there.
thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |