* jnf ([EMAIL PROTECTED]) wrote:
> I will read the paper before commenting on it further, however I cannot
> see what dangers it would really provide that a setuid program doesn't
> already have- other than the ability to give another non-root process root
> like abilities. However, the more I ponder it, it seems as if you could

It was a dangerous failure mode when a capability isn't present that hit
sendmail.

> accomplish a lot of things with a set of ACL's and Capabilities (think
> compartmentalizing everything from each other where no one thing has full
> control of anything other than its particular subsystem).

Yes, that's the ideal. Unfortunately it doesn't work out quite so neatly ;-/

> > Since /proc/kmsg is 0400 you need CAP_DAC_READ_SEARCH (don't necessarily
> > need full override). Otherwise, you are right, you do need CAP_SYS_ADMIN.
> > Or just use syslog(2) directly, and you'll avoid the DAC requirement.
>
> Hrm, even a chmod of it didn't appear to really affect things?

Should, and it makes a difference for me.

thanks,
-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
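Added example, not part of the original message: a small C probe for the two kernel-log paths discussed above, so that an EACCES from the 0400 file mode can be told apart from an EPERM from the capability check. It assumes Linux with glibc's klogctl(); the helper names and CAP_BIT_* macros are made up for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/klog.h>

#define CAP_BIT_DAC_READ_SEARCH 2  /* bit numbers from <linux/capability.h> */
#define CAP_BIT_SYS_ADMIN 21

/* Pull the effective capability mask out of /proc/<pid>/status text. */
static int parse_cap_eff(const char *status, unsigned long long *mask) {
    const char *p = strstr(status, "CapEff:");
    return (p && sscanf(p, "CapEff: %llx", mask) == 1) ? 0 : -1;
}

static int has_cap(unsigned long long mask, int bit) {
    return (int)((mask >> bit) & 1ULL);
}

/* Path 1: open(2) on /proc/kmsg. The 0400 mode is a DAC check (EACCES on failure). */
static int probe_proc_kmsg(void) {
    int fd = open("/proc/kmsg", O_RDONLY | O_NONBLOCK);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* Path 2: syslog(2) through glibc's klogctl(). No file is opened, so no DAC check. */
static int probe_syslog_call(void) {
    char buf[256];
    /* type 3: non-destructive read of the ring buffer */
    return klogctl(3, buf, (int)sizeof buf) < 0 ? errno : 0;
}

int main(void) {
    char status[4096];
    unsigned long long eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(status, 1, sizeof status - 1, f) : 0;
    if (f) fclose(f);
    status[n] = '\0';
    if (parse_cap_eff(status, &eff) == 0)
        printf("CAP_DAC_READ_SEARCH=%d CAP_SYS_ADMIN=%d\n",
               has_cap(eff, CAP_BIT_DAC_READ_SEARCH), has_cap(eff, CAP_BIT_SYS_ADMIN));
    int e1 = probe_proc_kmsg(), e2 = probe_syslog_call();
    printf("open(/proc/kmsg): %s\n", e1 ? strerror(e1) : "ok");
    printf("syslog(2):        %s\n", e2 ? strerror(e2) : "ok");
    return 0;
}
```

Run it before and after a chmod of /proc/kmsg, or under a reduced capability set, to see which of the two checks is the one refusing access.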