--- tani hosokawa river styx internet
On Sat, 3 Apr 1999, Richard Gooch wrote:
> Meelis Roos writes: > > ADC> if(setuid){ > > ADC> if(root_owned && cap_header) use_cap_header(); > > ADC> else use_setuid_bit(); > > ADC> } > > > > But here root is still special. Somebody who has the permissions to > > create users may create a root user or change root's password and thus > > gain access to root and then to everything? > > The capability to create users is the capability to edit /etc/passwd. > That implies being able to create root users. This has nothing to do > with Albert's scheme. > > A correct administration tool which has CAP_EDIT_PASSWD will prevent > creating root users unless CAP_GOD is set.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/