On Tue, 9 Aug 2005, Chris Wright wrote: > * Bodo Eggert ([EMAIL PROTECTED]) wrote: > > Chris Wright <[EMAIL PROTECTED]> wrote: > > > * David Madore ([EMAIL PROTECTED]) wrote:
> > >> * Second, a much more extensive change, the patch introduces a third > > >> set of capabilities for every process, the "bounding" set. Normally > > > > > > this is not a good idea. don't add more sets. if you really want to > > > work on this i'll give you all the patches that have been done thus far, > > > plus a set of tests that look at all the execve, ptrace, setuid type of > > > corner cases. > > > > How are you going to tell processes that may exec suid (or set-capability-) > > programs from those that aren't supposed to gain certain capabilities? > > typically you'd expect exec suid will reset to full caps. ACK, but 1) I wouldn't want an exploited service to gain any privileges, even by chaining userspace exploits (e.g. exec sendmail < exploitstring). For most services, I'd like CAP_EXEC being unset (but it doesn't exist). 2) There are environments (linux-vserver.org) which limit root to a subset of capabilities. I think they might use that feature, too. Off cause a simple "suid bit" == "all capabilities" scheme won't work there. -- "Just because you are paranoid, do'nt mean they're not after you." -- K.Cobain - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/