Re: [PATCH] capabilities not inherited

From: David Wagner
Date: Thu Jun 09 2005 - 09:59:49 EST

Next message: Russell King: "Re: [TTY] exclusive mode question"
Previous message: kenoti maembe: "Fwd: Virtual Terminal switching problem with a 2.6.10 kernel with a ruby patch"
In reply to: Alexander Nyberg: "Re: [PATCH] capabilities not inherited"
Next in thread: Lee Revell: "Re: [PATCH] capabilities not inherited"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexander Nyberg wrote:
>tor 2005-06-09 klockan 02:59 +0000 skrev David Wagner:
>> [...] the sendmail attack [...]
>
>I'll look this up but it sounds very weird and I don't see how this
>would happen with this change.

Yup, it was a weird one indeed -- which is part of why I'm concerned.
Take a look at the attack again, then re-read my message. Maybe my
concerns will make more sense once you refresh your memory about the
setuid capabilities attack? If not, feel free to ask again, and I'll
try to elaborate. Here is a pointer to one description of that attack:
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
(jump straight to Section 7.1)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russell King: "Re: [TTY] exclusive mode question"
Previous message: kenoti maembe: "Fwd: Virtual Terminal switching problem with a 2.6.10 kernel with a ruby patch"
In reply to: Alexander Nyberg: "Re: [PATCH] capabilities not inherited"
Next in thread: Lee Revell: "Re: [PATCH] capabilities not inherited"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]