>> You want to allow shellscripts with special powers?!?!?
>>
>> If so, you might as well start by allowing setuid shell scripts.
>> That was a massive security hole last I heard.
>
> Exactly because it is such a security leak, it might be very useful to only
> allow a _very_ specific subset of capabilities for a specific shell script
> instead of making it setuid 0. Your analogy is seriously flawed, thats the
> exact situation where capabilites are useful.
So it is only trivial to steal a few capabilites. Gee.
The hole goes something like this:
You grant a script the ability to do X, Y, and Z.
I invoke it through a symlink that I control.
The kernel starts up the interpreter you specified.
(this interpreter now has X, Y, and Z abilities)
I change the symlinks while your interpreter is loading.
Your interpreter runs my script with X, Y, and Z abilities.
Sure, I didn't get UID 0 right away. I did get the capabilites
that you were trying to protect though, and it wasn't even hard.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/