Re: [PATCH][RFC] 2.5.44 (1/2): Filesystem capabilities kernel patch

• Next message: Steve: "PROBLEM: klogd crashed"
• Previous message: bert hubert: "Re: and nicer too - Re: [PATCH] epoll more scalable than poll"
• In reply to: chris@scary.beasts.org: "Re: [PATCH][RFC] 2.5.44 (1/2): Filesystem capabilities kernel patch"
• Next in thread: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.44 (1/2): Filesystem capabilities kernel patch"
• Reply: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.44 (1/2): Filesystem capabilities kernel patch"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

<chris@scary.beasts.org> writes:

> On Mon, 28 Oct 2002, Olaf Dietsche wrote:
>
>> If you're careful with giving away capabilities however, this patch
>> can make your system more secure as it is. But this isn't fully
>> explored, so you might achieve the opposite and open new security
>> holes.
>
> Have you checked how glibc handles an executable with filesystem
> capabilities? e.g. can an LD_PRELOAD hack subvert the privileged
> executable?

No, I didn't check. Thanks for this hint, I will look into this.

Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Steve: "PROBLEM: klogd crashed"
• Previous message: bert hubert: "Re: and nicer too - Re: [PATCH] epoll more scalable than poll"
• In reply to: chris@scary.beasts.org: "Re: [PATCH][RFC] 2.5.44 (1/2): Filesystem capabilities kernel patch"
• Next in thread: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.44 (1/2): Filesystem capabilities kernel patch"
• Reply: Olaf Dietsche: "Re: [PATCH][RFC] 2.5.44 (1/2): Filesystem capabilities kernel patch"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:40 EST