Re: caps in elf, next itteration (the hack get's bigger)

Christian von Roques (roques@scalar.pond.sub.org)
16 Apr 1999 11:52:11 +0200


Just a thought,

"Stephen C. Tweedie" <sct@redhat.com> writes:

> On Wed, 14 Apr 1999 17:21:44 +0200 (CEST), Ingo Molnar
> <mingo@chiara.csoma.elte.hu> said:
>
> > The point is to get rid of random setuid root binaries (ping,
> > traceroute, etc.) and system daemons (klogd, syslogd, lpd, etc.)
> > executing with full system priviledges.
>
> It is much more than that: it is to prevent privileges leaking, so
> that bugs in these daemons do not compromise the security of other
> parts of the OS.

Therefore there should be a privilege to exec(2), if there isn't
already, which most daemons should deny themselves.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/