> 1. Put capabilities information in the executable header.
> 2. Mark the executable setuid root.
> 3. Have the kernel check for #1 if #2, and prefer #1 if present.
> That confuses everyone's security scripts. It makes the binary run as root
> on an older system, so if you downgrade you get a massive security hole.
Actually, that's not the worst of the problem. If the capabilities
information is in the executable header, then it can be edited by the
owner of the file. This is *not* a good thing --- think of capabilities
as some of the various privileges of root split into separate
privileges. For example, the right to open a port below 1024, the right
to bypass filesystem access control checks, etc. The ability to edit
capabilities *must* be reserved to the kernel, and by putting it into
the executable header, it's subject to be edited by anyone with write
access to the file.
- Ted
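Added here as an illustration, not part of Ted's mail: later Linux kernels settled this point by keeping file capabilities in the security.capability extended attribute, which the kernel allows only a process holding CAP_SETFCAP to write, whatever the file's ownership says. The program below decodes that record (the struct vfs_cap_data layout, revisions 2 and 3) and shows a plain file owner's attempt to set it being refused; the sample record bytes are constructed, and the scratch-file path is an assumption.

```c
/* Added example, not from the original post: decode the kernel-controlled
 * security.capability record and show that owning the file is not enough to write it. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/xattr.h>

#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x00000001u   /* permitted set also raised as effective */
#define VFS_CAP_REVISION_2      0x02000000u   /* 20-byte record */
#define VFS_CAP_REVISION_3      0x03000000u   /* 24-byte record, adds rootid */

struct fcaps { uint64_t permitted, inheritable; int effective; uint32_t rootid; };

static uint32_t le32(const unsigned char *p)
{ return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Decode one security.capability record; returns its revision (2 or 3), -1 if malformed. */
int decode_fcaps(const unsigned char *buf, size_t len, struct fcaps *out)
{
    if (len < 4) return -1;
    uint32_t magic = le32(buf), rev = magic & VFS_CAP_REVISION_MASK;
    size_t need = rev == VFS_CAP_REVISION_2 ? 20 : rev == VFS_CAP_REVISION_3 ? 24 : 0;
    if (need == 0 || len != need) return -1;          /* unknown revision or truncated */
    out->effective   = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    out->permitted   = le32(buf + 4) | (uint64_t)le32(buf + 12) << 32;  /* data[0], data[1] */
    out->inheritable = le32(buf + 8) | (uint64_t)le32(buf + 16) << 32;
    out->rootid      = rev == VFS_CAP_REVISION_3 ? le32(buf + 20) : 0; /* v3: owning userns root */
    return (int)(rev >> 24);
}

/* Write a record the way a file owner would; returns 0 or errno (EPERM without CAP_SETFCAP). */
int try_set_fcaps(const char *path, const unsigned char *rec, size_t len)
{ return setxattr(path, "security.capability", rec, len, 0) == 0 ? 0 : errno; }

/* Constructed sample: revision 2, CAP_NET_BIND_SERVICE (bit 10) permitted and effective. */
const unsigned char sample_rec[20] = { 0x01,0,0,0x02, 0x00,0x04,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };

int main(void)
{
    char path[] = "/tmp/fcaps-demo-XXXXXX";            /* assumed scratch location, owned by us */
    int fd = mkstemp(path);
    if (fd < 0) { perror("mkstemp"); return 1; }
    int rc = try_set_fcaps(path, sample_rec, sizeof sample_rec);
    printf("owner setting security.capability: %s\n",
           rc ? strerror(rc) : "allowed (caller holds CAP_SETFCAP)");
    unsigned char buf[24]; struct fcaps c;
    ssize_t n = getxattr(path, "security.capability", buf, sizeof buf);
    if (n > 0 && decode_fcaps(buf, (size_t)n, &c) > 0)
        printf("permitted=%#llx effective=%d\n", (unsigned long long)c.permitted, c.effective);
    close(fd); unlink(path);
    return 0;
}
```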
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/