No, consider a setuid (traditional & file capability) tool that
cleans out /tmp, removes print jobs, etc.
> Now, consider two users: nobody and admin.
>
> 'nobody' logs in and is given a shell. Login arranges that the shell
> nobody runs has the following Inheritable capability: pI = 0.
> Similarly, the shell runs with pE = pP = 0.
The tool gets these:
pI' = 0 = 0
pP' = 1 | (1 & 0) = 1
pE' = 0 & 1 = 0
If I read that right, the tool is permitted to raise the capability
but there is no capability to raise. (must pI also be 1 to raise pE?)
I think I still see a problem. Only the one capability has been
disabled, so operations that require it will fail. Other privileged
operations won't fail though, so the tool could create a mess when
it runs. For example, the tool may notify a daemon of whatever
action it will do.
Hopefully such problems are uncommon.
> The neat thing here is that the shell, which is common to both users,
> is unable to make use of the Inherited capabilities because it has no
> file capabilities with which to snag them.
That is quite weird. What about compatibility problems?
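An exec-time transition simulator for the login -> shell -> tool chain discussed above, added here as an example and not code from the thread. The three rules it applies (pI' = pI; pP' = (pI & fI) | fP; pE' = pP' if fE is set, else 0) are the POSIX.1e draft / Linux capabilities(7) rules as assumed by this example, the bounding set is treated as all-ones, and the capability bit values are constructed for illustration.

```python
# Exec-time capability transition simulator (added example, not from the thread).
# Assumed rules (POSIX.1e draft / Linux capabilities(7), bounding set = all caps):
#   pI' = pI
#   pP' = (pI & fI) | fP
#   pE' = pP' if fE else 0
from dataclasses import dataclass
from typing import Tuple

# Constructed bit assignments; real kernels number capabilities differently.
CAP_CHOWN = 1 << 0
CAP_KILL = 1 << 1
CAP_SYS_ADMIN = 1 << 2
ALL_CAPS = CAP_CHOWN | CAP_KILL | CAP_SYS_ADMIN


@dataclass(frozen=True)
class ProcCaps:
    pE: int  # effective
    pP: int  # permitted
    pI: int  # inheritable


@dataclass(frozen=True)
class FileCaps:
    fE: bool  # effective flag on the file
    fP: int   # forced (permitted) set
    fI: int   # allowed (inheritable) set


NO_FILE_CAPS = FileCaps(fE=False, fP=0, fI=0)  # an ordinary binary, e.g. the shell


def exec_transition(proc: ProcCaps, f: FileCaps) -> ProcCaps:
    """Capability sets of the new image after exec() of file f."""
    new_pi = proc.pI
    new_pp = (proc.pI & f.fI) | f.fP
    new_pe = new_pp if f.fE else 0
    return ProcCaps(pE=new_pe, pP=new_pp, pI=new_pi)


def run_scenario(login_pi: int, tool: FileCaps) -> Tuple[ProcCaps, ProcCaps]:
    """login gives the shell pI=login_pi, pE=pP=0; the shell then execs the tool."""
    shell = exec_transition(ProcCaps(pE=0, pP=0, pI=login_pi), NO_FILE_CAPS)
    return shell, exec_transition(shell, tool)


if __name__ == "__main__":
    cleanup_tool = FileCaps(fE=True, fP=CAP_KILL, fI=CAP_SYS_ADMIN)
    for user, pi in (("nobody", 0), ("admin", ALL_CAPS)):
        shell, tool_proc = run_scenario(pi, cleanup_tool)
        print(f"{user}: shell={shell} tool={tool_proc}")
```

The shell ends up with pP = pE = 0 for both users because it carries no file capabilities to snag the inherited set, while the tool's permitted set differs between the two users only through the fI & pI term.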