Re: Modifying kernel so that non-root users have some root capabilities

From: Chris Wright
Date: Mon May 24 2004 - 18:51:18 EST

Next message: Chris Wright: "Re: [PATCH] caps, compromise version (was Re: [PATCH] scaled-back caps, take 4)"
Previous message: Peter Williams: "Re: Minutes from 5/19 CKRM/PAGG discussion"
In reply to: Laughlin, Joseph V: "RE: Modifying kernel so that non-root users have some root capabilities"
Next in thread: Andy Lutomirski: "Re: Modifying kernel so that non-root users have some root capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Laughlin, Joseph V (Joseph.V.Laughlin@xxxxxxxxxx) wrote:
> > From: Steve Youngs [mailto:steve@xxxxxxxxxxxxx]
> >
> > I'm assuming that there are user-land tools to do these
> > things now for root, right? So why not look into things like
> > sudo(8) or even setuid executables?
>
> In short, it comes down to permissions problems with NFS mounted
> directories, combined with Rational ClearCase issues, combined with
> stringent security requirements.

Uh-oh, sounds like an insurmountable problem ;-) Well, keep in mind that
CAP_SYS_NICE and CAP_IPC_LOCK can DoS a machine pretty nicely.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "Re: [PATCH] caps, compromise version (was Re: [PATCH] scaled-back caps, take 4)"
Previous message: Peter Williams: "Re: Minutes from 5/19 CKRM/PAGG discussion"
In reply to: Laughlin, Joseph V: "RE: Modifying kernel so that non-root users have some root capabilities"
Next in thread: Andy Lutomirski: "Re: Modifying kernel so that non-root users have some root capabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]