> Linus Torvalds writes:
> > On Sun, 16 May 1999, Albert D. Cahalan wrote:
>
> >> You want to allow shellscripts with special powers?!?!?
> >
> > I may want to _strip_ shellscripts of power.
>
> I suppose you intend to turn normal user abilities into default
> capabilities. (the ability to write to a writable file...)
Actually, as part of my security work, I've got a prototype patch which
makes "normal user abilities" capabilities. Currently the prototype just
has "exec priv binary" and "ptrace" as capabilities, but even with just
two new capabilities, system security can be considerably enhanced.
Imagine the frustration of an attacker who gets a nobody shell, then finds
he can't use his favourite exploit for <insert name of suid root program
here>.
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/