Hi!
> > > > Just as programming languages can not prevent bugs, security
> > > > systems can not prevent complete administrative abuse.
> > > > Not even MAC can prevent this kind of error... if an install
> > > > program asks you to grant it MAC override, do you do so?
> > >
> > > If MAC override is in some piece of junk like elfcap then I have no audit
> > > control to determine if it is there.
> >
> > Why? You have a tool that parses elf headers and tells you if elfcap
> > header is active. Is that what was your concern? It takes "lot of time"
> > to get elfcap header, but it can be done.
>
> Because the audit "lot of time" doesn't include tar files which can contain
> these things too. Capabilities should not be in tar files.
Setuid bit is cleared on write, that's okay; and elfcap only restricts
capabilities. So I still do not understand what your problem is.
If you run (as root) elfcap executable, it can only do _less_ damage
than normal executable, because elfcap may reduce its
capabilities. And I repeat: elfcap are equivalent to cap_XXX calls at
begging of main. Do you consider program with cap_XXX calls at
beggining of main inside tar file to be security hole?
Pavel
-- The best software in life is free (not shareware)! Pavel GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:11 EST