Steve Langasek <[EMAIL PROTECTED]> writes:

> There are no extra privileges; noptrace is intended to be a group that owns
> no files other than the sgid binaries, can write to none of them, contains
> no users, is unable to ptrace any other processes that it couldn't already,
> and doesn't grant privileges to kill any processes that the user couldn't
> already kill.  It's an extra group membership, but where do you see extra
> privileges here?

The key word is "intended" -- I can easily envision situations in
which group-noptrace-writable files exist, either due to
inconsistent uid/gid mappings across filesystem boundaries or due to
executables accidentally winding up mode 2755.  To be sure, both are
corner cases and arguably operator error, and exploiting them requires
additional bugs, but why take the chance?

Furthermore, it would be nice to be able to create a protected
executable for personal use without having special privileges, or to
be able to mount a filesystem nosuid without losing process
protection.

-- 
Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org)
http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/[EMAIL PROTECTED]
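The concern above rests on two invariants: the noptrace group must own no group-writable files, and every setgid file it owns must be an intended protected binary. The following audit helper is an added example, not code from the thread or from Debian; it assumes the group name (or numeric gid) and the filesystem root are passed in by the operator.

```shell
#!/bin/sh
# Hypothetical audit helper (not from the thread): report files that break
# the assumptions a "noptrace"-style group relies on.
# Usage: audit_noptrace_group <root> <group-name-or-gid>
audit_noptrace_group() {
    root=$1
    grp=$2
    # Any group-writable, non-symlink file owned by the group violates the
    # "can write to none of them" assumption (e.g. stray gid mappings).
    find "$root" -group "$grp" ! -type l -perm -020 -print 2>/dev/null |
        while IFS= read -r f; do
            printf 'GROUP-WRITABLE %s\n' "$f"
        done
    # Any setgid regular file owned by the group runs with that gid; list
    # them so the operator can compare against the intended set (catches
    # executables that accidentally wound up mode 2755).
    find "$root" -group "$grp" -type f -perm -2000 -print 2>/dev/null |
        while IFS= read -r f; do
            printf 'SGID %s\n' "$f"
        done
}

# Number of findings; 0 means both invariants hold under the given root.
audit_noptrace_findings() {
    audit_noptrace_group "$1" "$2" | awk 'END { print NR }'
}
```

Run it as `audit_noptrace_group / noptrace | sort` and review every GROUP-WRITABLE line, since those are the cases the design does not anticipate.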
