capabilities, cap_set_cap and setuid()
From: uaca
Date: Tue Jun 22 2004 - 04:03:42 EST
Hi
I didn't find an answer about enabling CAP_SETPCAP
Why is deemed a security risk?
Maybe the question seems silly but, where is the risk, a root user
can setuid /bin/sh and maked things still more fun... it sounds brain dead.
Another question... why is not allowed to do the following:
uid = 0 program enables enables only one capability (in all sets) and if it
changes to another uid (by calling setuid) the program losses the
capability.
Any comment would be greatly appreciated
Thanks in advance
Ulisses
Debian GNU/Linux: a dream come true
-----------------------------------------------------------------------------
"Computers are useless. They can only give answers." Pablo Picasso
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/