Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

From: Pavel Machek (pavel@suse.cz)
Date: Thu Jun 15 2000 - 03:01:42 EST


Hi!

> > Do you want to look for privileged executables? If so, elfcap
> > is little different than inode-based bits. You can use the
> > proper search tool in either case. Elfcap does have the advantage
> > of giving you a quick check via regular "find" though. The real
> > winner here is the in-memory system, since the kernel could provide
> > a list via /proc.
>
> The "proper" search tool requires me to read the header of each file
> in the system to determine if it carries any embedded capabilities. This
> takes too long on large file systems.

No. It requires you to read the header of each _setuid 0_ file. Non-setuid
0 files are only as dangerous as files without elfcap headers; or
maybe less.

NOTE NOTE NOTE: elfcaps are really equivalent to some code at the beginning
of main. They only *DROP* capabilities; they do not make them bigger.

(Is there a chance of you talking to me at pavel@atrey.karlin.mff.cuni.cz?)

> > > Any use of a capability is a security event.
> > > Any attempt to use a capability that is not authorized is a
> > > security violation.
> > > The level audit logging is up to the facility.
> >
> > So what? Elfcap can handle this perfectly well. Like the other
> > two proposed systems, elfcap is a kernel feature. You can trust
> > that the logging will happen.
>
> It cannot detect the unauthorized addition of capabilities to an
> executable.

If someone can write to your setuid executables, you have other
serious problems, anyway.
                                                                Pavel

-- 
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
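Pavel's point that an elfcap header amounts to capability-dropping code at the start of main, written out as an added example in C (not code from this thread); it uses the raw Linux capget/capset syscalls, handles only the low 32 capability bits, and the choice to keep CAP_CHOWN and the names caps_after_drop/restrict_to are mine.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Pure helper: the set left after removing 'drop' from 'have'. Like an
 * elfcap header, this can only shrink the set, never grow it. */
static uint32_t caps_after_drop(uint32_t have, uint32_t drop)
{
    return have & ~drop;
}

/* Read the low 32 bits of the caller's effective set (0 on error). */
static uint32_t current_effective(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return 0;
    return data[0].effective;
}

/* The "code at the beginning of main": keep only the capabilities in
 * 'keep' (low word) and drop everything else. Returns 0 on success. */
static int restrict_to(uint32_t keep)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    data[0].permitted   &= keep;               /* subset of old permitted   */
    data[0].effective   &= data[0].permitted;  /* must lie within permitted */
    data[0].inheritable &= data[0].permitted;  /* subset of old inheritable */
    data[1].permitted = data[1].effective = data[1].inheritable = 0;
    return (int)syscall(SYS_capset, &hdr, data);
}

int main(void)
{
    uint32_t before = current_effective();
    if (restrict_to(1u << CAP_CHOWN) != 0) {   /* arbitrary choice: keep CAP_CHOWN */
        perror("capset");
        return 1;
    }
    printf("effective before: 0x%08x  after: 0x%08x\n", before, current_effective());
    return 0;
}
```

Run as an unprivileged user the sets are already empty and the call is a no-op; run with capabilities it leaves only CAP_CHOWN, which is exactly what an elfcap header can express and nothing more.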
