Re: Ke: Process Capabilities on 2.2.16, Sendmail problem revisited

From: Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Date: Wed Jun 14 2000 - 11:00:16 EST


Pavel Machek <pavel@suse.cz>:
> Hi!
>
>
> > > > Until you are passed a trojan horse.
> > >
> > > When you are passed a trojan horse with setuid bit set -- well -- you
> > > are in exactly the same situation with elfcap. Just don't take trojan
> > > horses with setuid bit set from unknown people. That always was like
> > > this. Oh and you can do dump capabilities it will drop with simple
> > > utility, so you can see for yourself which capabilities it is going to
> >
> > sure sure - and all installation software is modified to remove capabilities
> > when run. Yeah right. In a pig's eye.
> >
> > When I install software, I try to install it as non-root. This prevents
> > the normal creation of setuid binaries that I don't know about. The
> > number
>
> Fine. You have no problems with elfcap, then. No one has setuid 0 bit,
> you don't have to examine anything, elfcaps are nop.

THEY ARE NOT - I may use them as root. Someone else may use them as root.
They may have passed the initial testing and appear as quite normal
applications UNTIL they are run as root. Even on a system with root having
no privileges, suddenly this program becomes privileged.

> > of binary only installation software is very large, since many vendors do
> > not want the installation procedure modified. Since I can't look at the
> > binaries before installation, I can only look at them afterward. elfcap
> > makes it necessary to examine every file (executable or not) to search for
> > trojan horses with improper capability assignments.
>
>
> No. Just search executable being setuid 0 for trojan horses. Elfcap is
> nop for binaries not being setuid 0. Take a look at code.

Did. And I repeat:

NO ELFCAP. not secure, not reliable, not auditable.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.
