Re: Bug in how capability inheritance is handled in "fs/exec.c", 2.3.99

From: Pavel Machek (pavel@suse.cz)
Date: Mon May 29 2000 - 13:08:50 EST


Hi!

> That is, the whole concept of a "root shell" is prohibited by the POSIX
> 1.e Draft 17 rules. In fact the shell's executable runs with (P,I,E) =
> (0,0,0), so by default you don't run with any privileges whatever.
> Instead, the backup program would have CAP_DAC_READ_SEARCH (and thus be
> considered part of the TCB), and could enforce its own access control
> policies about who was allowed to execute the program.

Oh... Nearly every utility enforcing its own access control? That
means that a buffer overrun in almost every utility means a security
problem! Remembering what harm setuid programs already did, that does
not smell good.
                                                                Pavel

-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at discuss@linmodems.org
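The (P,I,E) exec rule the quoted text refers to, worked through in code as an added example; this is not code from the thread or from fs/exec.c. It assumes the POSIX 1e Draft 17 transformation (pI' = pI, pP' = fP | (fI & pI), pE' = fE & pP') and leaves out the kernel's bounding-set and uid-0 special cases; the capability sets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* One bit per capability; the two numbers follow linux/capability.h. */
typedef uint32_t capset_t;
#define CAP_DAC_OVERRIDE    (1u << 1)
#define CAP_DAC_READ_SEARCH (1u << 2)
struct caps { capset_t p, i, e; };   /* permitted, inheritable, effective */

/* POSIX 1e Draft 17 rule at exec (bounding-set and uid-0 cases omitted):
 * the new image gets what the file grants outright (fP) plus whatever
 * both sides agree to inherit (fI & pI); effective never exceeds permitted. */
static struct caps exec_caps(struct caps proc, struct caps file)
{
    struct caps out;
    out.i = proc.i;                       /* pI' = pI */
    out.p = file.p | (file.i & proc.i);   /* pP' = fP | (fI & pI) */
    out.e = file.e & out.p;               /* pE' = fE & pP' */
    return out;
}

/* Scenario from the quoted mail: a shell with (P,I,E) = (0,0,0) runs a
 * backup program whose file caps carry CAP_DAC_READ_SEARCH (constructed). */
static struct caps backup_from_plain_shell(void)
{
    struct caps shell  = { 0, 0, 0 };
    struct caps backup = { CAP_DAC_READ_SEARCH, 0, CAP_DAC_READ_SEARCH };
    return exec_caps(shell, backup);      /* P = E = CAP_DAC_READ_SEARCH, I = 0 */
}

/* Contrast: a file that only marks a capability inheritable grants nothing
 * to a caller whose inheritable set is empty, so an unprivileged shell
 * cannot act as a conduit for privilege it does not hold. */
static struct caps inheritable_only_from_plain_shell(void)
{
    struct caps shell = { 0, 0, 0 };
    struct caps file  = { 0, CAP_DAC_OVERRIDE, CAP_DAC_OVERRIDE };
    return exec_caps(shell, file);        /* (0, 0, 0) */
}

/* After its privileged step a program can clear E so later input handling
 * runs with the capability inactive; P is still held, so the window Pavel
 * objects to is narrowed, not removed. */
static struct caps after_privileged_step(struct caps c) { c.e = 0; return c; }

int main(void)
{
    struct caps b = after_privileged_step(backup_from_plain_shell());
    printf("P=%#x I=%#x E=%#x\n", b.p, b.i, b.e);
    return 0;
}
```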

This archive was generated by hypermail 2b29 : Wed May 31 2000 - 21:00:22 EST