> > +What can elfcap do:
> > +
> > +* mask inheritable, permitted and effective sets by arbitrary mask
> > +
> > +* set euid back to ruid
~~~~~~~~~~~~~~~~~~~~~~~
> > +
> > +Along with existing setuid mechanism, this hack can be used to grant
> > +subset of capabilities to executables. For example currently ping has
> > +to be setuid0. With elfcap, ping still will be setuid0, but most of
> > +its capabilities will be dropped at exec() time, so breaking into ping
> > +will allow attacker to generate arbitrary packets to network, but
> > +nothing more.
> > +
>
> If you break ping in the above scheme, you could edit /etc/passwd and
> gain access to the whole system. Capabilities doesn't gain you much
> if you have to use UID 0.
As you can set euid back to ruid, ping will not actually run with euid
== 0 and you will not be able to edit /etc/passwd.
The only problem is with programs which do geteuid() and fail if it is
not zero.
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/