> > > > +* mask inheritable, permitted and effective sets by arbitrary mask
> > > > +
> > > > +* set euid back to ruid
> > ~~~~~~~~~~~~~~~~~~~~~~~
------------------------
~~~~~~~~~~~~~~~~~~~~~~~
> > As you can set euid back to ruid, ping will not actually run with euid
> > == 0 and you will not be able to edit /etc/passwd.
> >
> > The only problem is with programs which do geteuid() and fail if it is
> > not zero.
>
> But then the process will loose its capabilities. What you have
> achieved is simply that there are a few things you can't do directly
> when you have found a hole in ping. You can still do them indirectly
> since you own the UID.
No. Look above. elfcap hack allows you not only to loose capabilities,
but also set euid back to ruid - so ping command will not really run
with euid=0, and you will not be able to do anything - directly or
indirectly.
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/