"Theodore Y. Ts'o" wrote:
> I think I actually overstated things when I said that "root shell" is
> prohibited. It doesn't have to run with PIE=(0,0,0). Linda was right
> on that score. (That is one way of doing things, but it's not the only
> way of doing things.)
>
> Still, even given that you're running with a shell with privileges,
> given that most executables have a PIE of (0,0,0), it means that they
> won't inherit any privileges by default. So "rm" would only get
> privileges if it was explicitly allowed to inherit DAC override (for
> example --- no reason to allow it to inherit CAP_SETUID, or CAP_SETPCAP,
> or any other privilege).

The first question a user of a pure capability system asks:

Q: "How do I get root?"
A: "su root -C all=eip" on Irix

It will be some time before everyone takes capabilities seriously.
But then again, who had a firewall up in 1992? We're changing our
computer usage patterns. Security is moving beyond the CryptoMagic
era. We may be slow, but we're not stoopid.

--
Casey Schaufler, Manager, Trust Technology, SGI
casey@sgi.com voice: (650) 933-1634
This archive was generated by hypermail 2b29 : Wed May 31 2000 - 21:00:22 EST