Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

• Next message: Richard B. Johnson: "Re: PCI DMA into USER space"
• Previous message: Rogier Wolff: "Re: Semi up to date JOBS list"
• In reply to: Jesse Pollard: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Next in thread: Jesse Pollard: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > > Until you are passed a trojan horse.
> >
> > When you are passed a trojan horse with setuid bit set -- well -- you
> > are in exactly the same situation with elfcap. Just don't take trojan
> > horses with setuid bit set from unknown peopel. That always was like
> > this. Oh and you can do dump capabilities it will drop with simple
> > utility, so you can see for yourself which capabilities it is going to
>
> sure sure - and all installation software is modified to remove capabilities
> when run. yeah right. In a pigs eye.
>
> When I install software, I try to install it as non-root. This prevents
> the normal creation of setuid binaries that I don't know about. The
> number

Fine. You have no problems with elfcap, then. Noone has setuid 0 bit,
you don't have to examine anything, elfcaps are nop.

> of binary only installation software is very large, since many vendors do
> not want the installation procedure modified. Since I can't look at the
> binaries before installation, I can only look at them afterward. elfcap
> makes it necessary to examin every file (executable or not) to search for
> trojan horses with improper capability assignments.

No. Just search executable being setuid 0 for trojan horses. Elfcap is
nop for binaries not being setuid 0. Take a look at code.

> Using ext2 capablities, I only have to examine the inode of the file. All
> privilige information is revealed. I don't have to READ each file as well.
>
> No thanks. takes way to long, and is not reliable (compressed files, tar
> files, compresed tar files, tar files of compressed files...).
>
> Since tar is not required to know about capabilities restoring a tar file
> will not create new ones, even if the original file had capabilities, the
> copy won't.
>
> NO ELFCAP. not secure, not reliable, not auditable.
>
> -------------------------------------------------------------------------
> Jesse I Pollard, II
> Email: pollard@navo.hpc.mil
>
> Any opinions expressed are solely my own.

-- 
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Richard B. Johnson: "Re: PCI DMA into USER space"
• Previous message: Rogier Wolff: "Re: Semi up to date JOBS list"
• In reply to: Jesse Pollard: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Next in thread: Jesse Pollard: "Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:31 EST