Re: caps in elf headers: use the sticky bit!

Ulrich Schmid (uschmid@mail.hh.provi.de)
Thu, 15 Apr 1999 22:09:23 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robert Kiesling: "[OFFTOPIC] Re: Solaris tmpfs vs. Linux RAMdisk"
Previous message: Eric Werme USG: "Re: NFSv3 client for Linux-2.2.5 ready for alpha testing..."

On Tue, 13 Apr 1999, Riley Williams wrote:
>
> > 1. Use the sticky bit
>
> > 2. Allow a mount option so that the sticky/caps bit is only
> > honored if the executable is owned by root and writable only by
> > root.
>
>Lemme see, how easy would it be for a non-root user to create that...
>
> 1. Create ordinary binary by compiling as usual. Call it cracker for
> the purposes of this text, and set it up to have the relevant caps
> for some security hack you want to do.
>
> 2. Run the following commands, in the order specified:
>
> chmod 4755 cracker
> chown 0.0 cracker

OK, I missed that.

Second try:

1. Use the sticky bit

2. Set the immutable bit if available

3. Allow a mount option so that the sticky/caps bit is only honored if the
executable is also suid 0.

Use 3. if you can't trust the sticky bit alone.

A side effect of 3.:
In contrast to the pure suid 0 solution, 3. allows the suid bit to keep it's
old meaning, as long as the sticky bit is not set. This allows suid
functionality without putting the uid + suid-bit into the file content. If
both suid and raising caps are required by an executable, just use a wrapper:

-rwsr-xr-t root root wrapper
-rwsr-sr-x new_uid new_gid orig_executable

(wrapper raises some caps and exec's orig_executable.)

Ulrich Schmid

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert Kiesling: "[OFFTOPIC] Re: Solaris tmpfs vs. Linux RAMdisk"
Previous message: Eric Werme USG: "Re: NFSv3 client for Linux-2.2.5 ready for alpha testing..."