-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
Am Do den 5. Nov 2015 um 17:19 schrieb Andy Lutomirski: > > With the present way, that was no problem (for OSS). You take away the > > SUID, set the capabilities and if the tool complains about not being > > root, look into the code and remove that stupid thing. With ambient > > capabilities, no one will see that the tool is doing such stupid thing > > as setting all capabilities unless some trouble is seen. > > SUID is, always has been, and always will be a minefield. People > writing SUID programs need to do it right. When the kernel adds a new > API, doing it right includes not adding a buggy call to the API. Thats right. But real world is not optimal. > The ambient capability code explicitly zeros pA when running a SUID > binary to avoid problems in which a SUID binary has unexpected ambient > capabilities. That is not the point. I do not talk about combining SUID and capabilities. I even seen that it was implemented that way. I talk about taking away rights from tools that don't need it. > IMO the right long term solution is to just stop using SUID and to > stop using any other mechanism that grants new privileges of any sort > when execve is called. Right. That is my intention. > When you can boot a distro with no_new_privs > set everywhere (including init) and everything works, then I'll think > we've made considerable progress. That might be a longer way to go. I also don't think it it fully doable. You do always need some applications having special rights. But I like to pick exactly that rights instead using sudo or SUID. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.de> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJWO5BzAAoJEKZ8CrGAGfas948L/jde8spo8N+vo+jqVSjRNIsV M1gHTJ4cahDvKhlK6z2a/5kQSINWP94Ir4LSNh+Qyvvq1ZIDBvVWIgadf4zf7TEf QfbgKFcdbJaXhWKjdgIaT8LTjRzvyqHGD9F8hoSAYI+zvjOJP3FpXi+1u4QNVcO6 ZiV1Ss+8hUGy44Y2If0yMwYe/Z88elqMOPGHJhqeq44unWG0ZFek5R2xOg2g9qed MMSz49BLarg0TI9tMO7uwkMXfmhKDh3L0Tdwr6xANwPuaBe5qnFVpQpJ/T/AESv7 uTtzDEjJwN9ZBZra8Zc/Xp02ELoMigAtEWprkl78dEmtKUJnej3MP9xivc6EtKAK zKunFCmltjwVAtwdggBN+XuJofqltFt0FZpyfX3AwjNrW5ltkXbA/tNL0zoQalqX +NoFmdEWdi5PcMdxKNoZp7jwrSYG7UN8KDe7ZsSGqrV6iH+pd1KWNog8LOdU3t+W IfbKdHqVQkIKyYz2R9Dd/o2XnUYpymE75SsZu+6Yhw== =ffr7 -----END PGP SIGNATURE----- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
