I was getting ready to suggest you should move to filesystem caps rather than setuid/gid. That article Stephen linked to states similar.
On Fri, Apr 24, 2015 at 11:00 AM, Stephen Smalley <[email protected]> wrote:

> On 04/24/2015 01:46 PM, Tai Nguyen (tainguye) wrote:
> > Hi Stephen,
> >
> > Can you clarify "adbd drops all capabilities from the bounding set"? Also,
> > how is it related to setmask process which has suid itself?
>
> See "Capability bounding" in
> https://source.android.com/devices/tech/security/enhancements/enhancements43.html
>
> grep PR_CAPBSET_DROP system/core/adb/*
>
> Once removed from the capability bounding set, you cannot get it back
> via exec'ing a setuid-root program. man 7 capabilities
>
> _______________________________________________
> Seandroid-list mailing list
> [email protected]
> To unsubscribe, send email to [email protected].
> To get help, send an email containing "help" to
> [email protected].

--
Respectfully,
William C Roberts
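The bounding-set behaviour discussed in this thread can be checked from userspace. The following is an added example, not code from the thread or from Android: it decodes the `CapBnd` mask from `/proc/<pid>/status` text and cross-checks it against `prctl(PR_CAPBSET_READ)`. The function names and the two sample status strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* Constructed samples: a full bounding set (caps 0..37), and the same set
 * after CAP_SETGID (6) and CAP_SETUID (7) were removed with PR_CAPBSET_DROP. */
static const char SAMPLE_FULL[] =
    "Name:\tsh\nCapEff:\t0000000000000000\nCapBnd:\t0000003fffffffff\n";
static const char SAMPLE_DROPPED[] =
    "Name:\tsh\nCapEff:\t0000000000000000\nCapBnd:\t0000003fffffff3f\n";

/* Extract the hex CapBnd mask from status text; 0 on success, -1 if absent. */
int parse_capbnd(const char *status, unsigned long long *mask) {
    const char *p = strstr(status, "CapBnd:");
    char *end;
    if (!p) return -1;
    p += strlen("CapBnd:");
    *mask = strtoull(p, &end, 16);
    return end == p ? -1 : 0;
}

/* 1 if cap is still in the bounding set, 0 if dropped, -1 if unparsable.
 * A capability reported as 0 here cannot come back via a setuid-root exec. */
int status_has_bounding_cap(const char *status, int cap) {
    unsigned long long mask;
    if (parse_capbnd(status, &mask) != 0) return -1;
    return cap >= 0 && cap < 64 && ((mask >> cap) & 1ULL);
}

int main(void) {
    char buf[4096];
    const int caps[] = { CAP_SETUID, CAP_SETGID };
    const char *names[] = { "CAP_SETUID", "CAP_SETGID" };
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    /* Both columns should agree: one is the /proc view, one the prctl view. */
    for (int i = 0; i < 2; i++)
        printf("%s: proc=%d prctl=%d\n", names[i],
               status_has_bounding_cap(buf, caps[i]),
               prctl(PR_CAPBSET_READ, caps[i], 0, 0, 0));
    return 0;
}
```

Run inside the process context you care about (for example, a shell spawned by the daemon in question), since the bounding set is inherited across fork and exec.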
