Re: setuid odd behaviour

From: chris
Date: Sat Jun 26 2004 - 18:40:43 EST

Next message: Chris Wedgwood: "jiffies_64"
Previous message: Rusty Russell: "Re: 2.6.7-bk: asm/setup.h and linux/init.h"
In reply to: Joao Santos: "setuid odd behaviour"
Next in thread: Joao Santos: "Re: setuid odd behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Sun, 27 Jun 2004, Joao Santos wrote:

> Hello everyone.
>
> I have been rewriting a private privilege system in the 2.6.7 kernel and
> while making the final tests, vsftpd did not work because it could not set
> capabilities after changing to UID 99 (which seemed correct to me). Just to
> make sure I was doing the right thing, I booted up a vanilla kernel and
> traced vsftpd again to see how the kernel was reacting to that setcap()
> after setuid() and strangely the kernel let the setcap through and returned
> success.

Yep - vsftpd uses prctl(PR_SET_KEEPCAPS, 1) to achieve this.
It's necessary because there's little point in reducing your capability
set unless you also switch away from uid 0 (it owns files which could be
used to regain full capabilities).

Cheers
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wedgwood: "jiffies_64"
Previous message: Rusty Russell: "Re: 2.6.7-bk: asm/setup.h and linux/init.h"
In reply to: Joao Santos: "setuid odd behaviour"
Next in thread: Joao Santos: "Re: setuid odd behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]