[...]
> > If a binary requires a capability to run to do its job
> > then it either needs to be run by a user that has that
> > capability or it needs to be SUID to a user that does.
> No, the uid only supplies rights in the file system as currently; i.e., if
> the process runs 'setuid jschmoe', it has the ability to muck about with
> files owned by 'jschmoe'. If jschmoe has the capability for setting
> capabilities (and some others), he can create 'setuid jschmoe' binaries
> with caps that are a subset of the caps he _currently_ holds.
Problem is that jschmoe can take a hex editor to any file she wants, and
make it "ALL CAPS" and then SUID it, or just wait for somebody capable to
run it. Even if she hasn't got the "set capability" cap. That's why
capabilities can not reside in the executable file itself. But if they are
in the filesystem, you need specialized tools that can recover/set them.
F.ex. tar(1), so you can create backups that preserve them, etc. Or you
forget about the dearly beloved Unix way of doing things, and get a
different set of tools...
Also note that the capability to write to raw disk is in essence equivalent
to the current root power in both schemes.
-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Viņa del Mar, Chile +56 32 672616- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/