Re: setuid odd behaviour

From: Joao Santos
Date: Sat Jun 26 2004 - 18:54:45 EST


Thanks Chris, my manpages seem to be a bit outdated.

----- Original Message -----
From: <chris@xxxxxxxxxxxxxxxx>
To: "Joao Santos" <jps@xxxxxxxxx>
Cc: <linux-kernel@xxxxxxxxxxxxxxx>
Sent: Sunday, June 27, 2004 12:38 AM
Subject: Re: setuid odd behaviour


> Hi,
>
> On Sun, 27 Jun 2004, Joao Santos wrote:
>
> > Hello everyone.
> >
> > I have been rewriting a private privilege system in the 2.6.7 kernel and
> > while making the final tests, vsftpd did not work because it could not set
> > capabilities after changing to UID 99 (which seemed correct to me). Just to
> > make sure I was doing the right thing, I booted up a vanilla kernel and
> > traced vsftpd again to see how the kernel was reacting to that setcap()
> > after setuid() and strangely the kernel let the setcap through and returned
> > success.
>
> Yep - vsftpd uses prctl(PR_SET_KEEPCAPS, 1) to achieve this.
> It's necessary because there's little point in reducing your capability
> set unless you also switch away from uid 0 (it owns files which could be
> used to regain full capabilities).
>
> Cheers
> Chris
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
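
The behaviour discussed in this thread, as an added example that is not part of the original messages: a child process switches from uid 0 to UID 99 with and without prctl(PR_SET_KEEPCAPS, 1) and reports whether its permitted capability set survived. The names caps_after_setuid, has_permitted_caps and DEMO_UID are made up for this sketch; it uses the raw capget syscall so it needs no libcap, and it returns -1 when not started as root with CAP_SETUID.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_UID 99 /* the unprivileged UID mentioned in the thread */

/* 1 = permitted set non-empty, 0 = empty, -1 = capget failed. */
static int has_permitted_caps(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { {0, 0, 0}, {0, 0, 0} };
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    return (data[0].permitted | data[1].permitted) != 0;
}

/*
 * Fork, optionally set the keep-capabilities flag, leave uid 0 for DEMO_UID.
 * Returns 1 if permitted capabilities were kept, 0 if the kernel cleared
 * them, -1 if the uid transition could not be performed (e.g. not root).
 */
int caps_after_setuid(int keepcaps)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: the flag must be set BEFORE the uid change to have effect. */
        if (geteuid() != 0 ||
            prctl(PR_SET_KEEPCAPS, (unsigned long)keepcaps, 0, 0, 0) != 0 ||
            setuid(DEMO_UID) != 0)
            _exit(2);
        int r = has_permitted_caps();
        _exit(r < 0 ? 2 : r);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("default=%d keepcaps=%d\n", caps_after_setuid(0), caps_after_setuid(1));
    return 0;
}
```

With the flag set, only the permitted set is retained; the effective set is still cleared by the uid change, which is why a daemon then has to raise the capabilities it wants into its effective set again.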

