Re: capabilities in elf headers, (my) final (and shortest) iteration

Gregory Maxwell (linker@z.ml.org)
Sun, 11 Apr 1999 16:16:27 -0400 (EDT)


On Sun, 11 Apr 1999, David L. Parsley (lkml account) wrote:

[snip]
> 3) When a file has the 'cap flag' set, the kernel must treat it as
> immutable to prevent the owner from editing the capabilities directly in
> the binary. The user must first un-set the flag (checked exactly as if
> they were removing all caps in the fs), then modify caps, then attempt to
> re-set as in (2). This differs significantly from true caps in the fs,
> although this sort of behavior might be advantageous in a caps system:
> consider a black hat who remotely logs in as some user; since the login is
> remote, likely no caps should be raised. But if that user owns a binary
> with a set of permitted caps, the black hat could modify the binary to do
> Evil Things (tm).
[snip]

I'm not very familiar with LK-caps, but I assume there is a raw-disk cap.
Processes with this cap should be able to modify a set-capped bin without
turning off caps first. If there are other flags of a similar spirit, then
the same should be true.
