Re: capabilities patch (v 0.1)

From: David Madore
Date: Tue Aug 09 2005 - 16:49:42 EST

Next message: Alan Cox: "Re: PROBLEM: "drive appears confused" and "irq 18: nobody cared!""
Previous message: Alan Cox: "Re: irqpoll causing some breakage?"
In reply to: Bodo Eggert: "Re: capabilities patch (v 0.1)"
Next in thread: David Wagner: "Re: capabilities patch (v 0.1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 09, 2005 at 11:36:00PM +0200, Bodo Eggert wrote:
> 1) I wouldn't want an exploited service to gain any privileges, even by
> chaining userspace exploits (e.g. exec sendmail < exploitstring). For
> most services, I'd like CAP_EXEC being unset (but it doesn't exist).

I intend to add a couple of capabilities which are normally available
to all user processes, including capability to exec(), capability to
fork() and a couple of others (maybe a capability to perform any kind
of write operation, but that seems a bit more difficult to implement).
So keep an eye open[#] for future versions of my patch.

--
David A. Madore
(david.madore@xxxxxx,
http://www.madore.org/~david/ )

[#] On the other hand, I have a strong tendency not to finish anything
I start :-( so maybe this is all just vaporware.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: PROBLEM: "drive appears confused" and "irq 18: nobody cared!""
Previous message: Alan Cox: "Re: irqpoll causing some breakage?"
In reply to: Bodo Eggert: "Re: capabilities patch (v 0.1)"
Next in thread: David Wagner: "Re: capabilities patch (v 0.1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]