R.E.Wolff@BitWizard.nl (Rogier Wolff) said:
> Theodore Y. Ts'o wrote:
[...]
> > Don't be so sure it won't be a configuration/maintenance problem. You
> > still have at least an order of magnitude more bits to manage, and the
> > traditional tools for scanning for setuid bits won't work anymore. If a
> > cracker installs a trojan shell which has the FS_DAC_OVERRIDE capability
> > bit, "ls -l" won't show it as a dangerous program. Neither will
> > "find / -perm +6000 -print".
> Well, I don't know the actual incantation, but you shouldn't scan for
> setuid programs on a capability based system.
Yep. find(1) needs to be capability, ACL, whatnot, aware.
> By the way, any almost any capability on a capability based system can
> be leveraged to "root" (whatever that gives you).
Examples, please? It is assumed that a correctly set up capability system
avoids exactly this. Besides, "root" may well be just a random user name in
that case.
> For compatiblity reasons, it may prove a good idea to pretend that the
> setuid bit is set if ANY of the forced bits is set.
Perhaps it is better to just make a clean cut with compatibility... SUID
and capabilities are othogonal, AFAIKS.
-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Viņa del Mar, Chile +56 32 672616- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:23 EST