Re: Subject: Re: ext3 to include capabilities?

Richard Gooch (rgooch@atnf.csiro.au)
Sat, 3 Apr 1999 08:16:53 +1000


Meelis Roos writes:
> ADC> if(setuid){
> ADC> if(root_owned && cap_header) use_cap_header();
> ADC> else use_setuid_bit();
> ADC> }
>
> But here root is still special. Somebody who has the permissions to
> create users may create a root user or change root's password and thus
> gain access to root and then to everything?

The capability to create users is the capability to edit /etc/passwd.
That implies being able to create root users. This has nothing to do
with Albert's scheme.

A correct administration tool which has CAP_EDIT_PASSWD will prevent
creating root users unless CAP_GOD is set.

Regards,

Richard....
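
Added example, not part of the original message and not code from any participant: a sketch of the check such an administration tool would make before appending a passwd entry. CAP_EDIT_PASSWD and CAP_GOD are the thread's hypothetical names, not real Linux capabilities, and the function names and bit values are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability names from the thread; hypothetical, not real Linux capabilities. */
#define CAP_EDIT_PASSWD 0x1u
#define CAP_GOD         0x2u

enum verdict { ALLOW, DENY_NO_CAP, DENY_ROOT_UID, DENY_MALFORMED };

/* Extract the uid (third field) of "name:pw:uid:gid:gecos:home:shell". */
static int passwd_uid(const char *line, unsigned long *uid)
{
    const char *p = line;
    char *end;
    for (int i = 0; i < 2; i++) {
        p = strchr(p, ':');
        if (!p) return -1;
        p++;
    }
    if (*p < '0' || *p > '9') return -1;      /* no sign, space or empty field */
    errno = 0;
    *uid = strtoul(p, &end, 10);
    if (errno || *end != ':') return -1;
    if (*uid > 0xFFFFFFFFul) return -1;       /* would truncate in a 32-bit uid */
    return 0;
}

/* Policy check a user-admin tool would run before appending `line`. */
enum verdict check_new_entry(unsigned caps, const char *line)
{
    unsigned long uid;
    if (!(caps & CAP_EDIT_PASSWD)) return DENY_NO_CAP;
    if (strchr(line, '\n')) return DENY_MALFORMED;  /* smuggled second entry */
    if (passwd_uid(line, &uid) != 0) return DENY_MALFORMED;
    if (uid == 0 && !(caps & CAP_GOD)) return DENY_ROOT_UID; /* any name, uid 0 */
    return ALLOW;
}

int main(void)
{
    /* Constructed sample entry: uid 0 under a name other than "root". */
    const char *toor = "toor:x:0:0::/root:/bin/sh";
    printf("without CAP_GOD: %d\n", check_new_entry(CAP_EDIT_PASSWD, toor));
    printf("with CAP_GOD:    %d\n", check_new_entry(CAP_EDIT_PASSWD | CAP_GOD, toor));
    return 0;
}
```

The check keys on the numeric uid rather than the account name, and it covers only entry creation; changing the password of an existing uid 0 account would need the same gate.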
