On Tue, 9 Aug 2005, Chris Wright wrote: > * Bodo Eggert ([EMAIL PROTECTED]) wrote:
> > 1) I wouldn't want an exploited service to gain any privileges, even by > > chaining userspace exploits (e.g. exec sendmail < exploitstring). For > > most services, I'd like CAP_EXEC being unset (but it doesn't exist). > > Don't let it exec things it shouldn't. This can be done with namespaces > or for finer-grained, that is what smth like SELinux is made for. Namespaces may be OK for bind, but things like samba can't really use them and SELinux sounds more heavyweight (for brain and CPU). > > 2) There are environments (linux-vserver.org) which limit root to a subset > > of capabilities. I think they might use that feature, too. Off cause a > > simple "suid bit" == "all capabilities" scheme won't work there. > > IIRC, they effectively use the bounded set as per-context. So it'd not > make any difference there. It could possibly be combined into one mechanism (less intrusive patch). -- Funny quotes: 14. Eagles may soar, but weasels don't get sucked into jet engines. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/