Re: Capabilities

From: Rogier Wolff (R.E.Wolff@BitWizard.nl)
Date: Sat Feb 12 2000 - 07:42:20 EST


Theodore Y. Ts'o wrote:
> Date: Fri, 11 Feb 2000 13:59:43 +0000 (GMT)
> From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
>
> 2) Filesystem support goes in, but typical usage will be to just use the
> "forced" support, to keep traditional UNIX privilege inheritance but run
> suid root program with finer grained privilege. Note that stage 2) is by
> no means a configuration/maintenance problem
>
> Don't be so sure it won't be a configuration/maintenance problem. You
> still have at least an order of magnitude more bits to manage, and the
> traditional tools for scanning for setuid bits won't work anymore. If a
> cracker installs a trojan shell which has the FS_DAC_OVERRIDE capability
> bit, "ls -l" won't show it as a dangerous program. Neither will
> "find / -perm +6000 -print".

Well, I don't know the actual incantation, but you shouldn't scan for
setuid programs on a capability based system.

By the way, almost any capability on a capability based system can
be leveraged to "root" (whatever that gives you).

For compatibility reasons, it may prove a good idea to pretend that the
setuid bit is set if ANY of the forced bits is set.

                                Roger.

-- 
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
*       Common sense is the collection of                                *
******  prejudices acquired by age eighteen.   -- Albert Einstein ********
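The thread's concern is that a setuid-only audit (`find / -perm +6000`) is blind to a binary that carries privilege through file capabilities instead. The following scanner is an added example, not code from the thread or from any of its participants: it walks a tree and reports files with the setuid/setgid bits and files carrying the Linux `security.capability` extended attribute (the mechanism later Linux kernels use for "forced" capabilities), then lists which privileged files a setuid-only scan would have missed. It assumes a Linux host (`os.getxattr`) and uses a constructed temporary tree with made-up file names; the helper names (`scan`, `missed_by_setuid_scan`, `demo`) are this example's own.

```python
#!/usr/bin/env python3
"""Audit a tree for privilege-bearing executables.

Reports both classic setuid/setgid files and files that carry Linux file
capabilities (the security.capability xattr), so that a capability-bearing
binary is not invisible to the audit the way it is to "find -perm +6000".
Added example; Linux-specific because of os.getxattr.
"""
import os
import stat
import tempfile

CAP_XATTR = "security.capability"


def has_file_capability(path):
    """True if the file carries a security.capability xattr.

    Reading the attribute does not need privilege on most filesystems; any
    OSError (ENODATA = no attribute, ENOTSUP = no xattr support, EACCES)
    is treated as "no capability" so a scan never aborts on one file.
    """
    getxattr = getattr(os, "getxattr", None)  # absent on non-Linux
    if getxattr is None:
        return False
    try:
        getxattr(path, CAP_XATTR, follow_symlinks=False)
        return True
    except OSError:
        return False


def scan(root):
    """Walk root and return sorted relative paths per privilege source."""
    findings = {"setuid": [], "setgid": [], "capability": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # only regular files can be executed with privilege
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_ISUID:
                findings["setuid"].append(rel)
            if st.st_mode & stat.S_ISGID:
                findings["setgid"].append(rel)
            if has_file_capability(path):
                findings["capability"].append(rel)
    for paths in findings.values():
        paths.sort()
    return findings


def missed_by_setuid_scan(findings):
    """Privileged files that a setuid/setgid-only audit would not report."""
    classic = set(findings["setuid"]) | set(findings["setgid"])
    return sorted(p for p in findings["capability"] if p not in classic)


def demo():
    """Build a constructed tree (made-up names) and scan it.

    A capability xattr cannot be set without CAP_SETFCAP, so the constructed
    tree only exercises the mode-bit side; on a real system the capability
    list is filled from binaries that setcap(8) has marked.
    """
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        samples = (
            ("bin/su-like", 0o4755),    # constructed setuid example
            ("bin/wall-like", 0o2755),  # constructed setgid example
            ("bin/plain", 0o755),       # unprivileged control
        )
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")
            os.chmod(path, mode)
        return scan(root)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    result = scan(target)
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind:10s} {p}")
    for p in missed_by_setuid_scan(result):
        print(f"WARNING: capability-only file not caught by setuid scan: {p}")
```

Run it as `python3 scan.py /usr` on a real host to see both columns populated; the `WARNING` lines are exactly the files Ted Ts'o's "ls -l" / "find -perm" argument is about, and treating any of them as if setuid were set (Roger's suggestion) is what `missed_by_setuid_scan` makes explicit.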
