Re: caps in elf headers: use the sticky bit!

Pavel Machek (pavel@bug.ucw.cz)
Sat, 17 Apr 1999 16:11:56 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Livia Catarina Soares: "Question"
Previous message: Pavel Machek: "Re: [PATCH] Capabilities in elf"

Hi!

> > Eh, what problem?
>
> The problem that setting inheritable bits is a non-priviledged operation
> under the setuid0 scheme, and there is a LOT of power in the inheritable
> bits. You are left wide open to trojan binaries, but a paranoid
> sysadmin

It is not a showstopper. Your capabilities do NOT prevent you from
trojan horses. If you run program with uid=0, it does not need any
special privileges to screw you up. [Hint: who is owner of /etc/passwd?]

Pavel

-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Livia Catarina Soares: "Question"
Previous message: Pavel Machek: "Re: [PATCH] Capabilities in elf"