pavel-velo writes:
>>> Granted the setuid bit disables the elfcap, unless run as root....
>>
>> The "unless run as root" part need not be true. There are many ways
>> to deal with that:
>>
>> a. the check is NOT for UID alone; the setuid bit MUST be set
>> b. panic the kernel if a buggy UID 0 process tries this trick
>> c. anything else, since no process should have UID 0
>>
>> As I recall, method "a" is actually implemented.
>
> I do not think so., but I don't have sources handy...
I think it was done, for performance reasons. By checking for
setuid-root first, the elfcap parsing could be skipped when it
is unnecessary.
Anyway, it doesn't matter much, and it would be easy to add if it
isn't already implemented.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jun 23 2000 - 21:00:16 EST