Re: capabilities PATCH

From: Michal Kosek (michau@august.V-LO.krakow.pl)
Date: Wed Jun 07 2000 - 10:17:43 EST


> > And what about POSIX compliance? Do you think that it is good to modify
> > the behaviour of setuid() as I did? Please look at the patch:
> > ftp://ftp.v-lo.krakow.pl/pub/linux/patches/
> >
> What you are referring to as a problem is the use of the wrong sys call:

I know the behaviour of these syscalls. Problem is in other place:
creators of some programs think that their programs will be always run
with euid==0 (for example programs using svgalib). So they think that
after calling setuid() they drop all the privileges of previous uid.
Using my patch I can make some user capable to access ports, and his *uid
will be different than 0. So setuid() won't drop all his previous
privileges. And it may be dangerous.
Using other syscall doesn't solve the problem - you would have to modify
eg. all programs using svgalib! Changing the syscall is much easier, and I
think that now the things will be much logical...

Michal Kosek

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:28 EST