Re: caps in elf headers: use the sticky bit!

Richard Gooch (rgooch@atnf.csiro.au)
Mon, 19 Apr 1999 08:27:39 +1000


Theodore Y. Ts'o writes:
> Date: Sat, 17 Apr 1999 16:11:56 +0200
> From: Pavel Machek <pavel@bug.ucw.cz>
>
> It is not a showstopper. Your capabilities do NOT prevent you from
> trojan horses. If you run a program with uid=0, it does not need any
> special privileges to screw you up. [Hint: who is owner of /etc/passwd?]
>
> Then don't run programs setuid root! This is why using setuid root as
> the method for marking that a file has capabilities is a complete
> non-starter, as we have discussed before.

That's not true. I've explained clearly how to do it.

Regards,

Richard....
