Re: Subject: Re: ext3 to include capabilities?

Richard Gooch (rgooch@atnf.csiro.au)
Sat, 3 Apr 1999 13:43:13 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andre M. Hedrick: "Re: DMA disabled and busy errors"
Previous message: David Ford: "Re: Subject: Re: ext3 to include capabilities?"

unknown@riverstyx.net writes:
> It's not really just about editing the password file though, is it?
> After all, if I have write access to all of root's other files, I can just
> make a cron job that dumps in an extra user to /etc/passwd, or any number
> of other possibilities... adding a capability for filesystem access to
> root's files would likely be more useful than just CAP_EDIT_PASSWD.
>
> On Sat, 3 Apr 1999, Richard Gooch wrote:
>
> > Meelis Roos writes:
> > > ADC> if(setuid){
> > > ADC> if(root_owned && cap_header) use_cap_header();
> > > ADC> else use_setuid_bit();
> > > ADC> }
> > >
> > > But here root is still special. Somebody who has the permissions to
> > > create users may create a root user or change root's password and thus
> > > gain access to root and then to everything?
> >
> > The capability to create users is the capability to edit /etc/passwd.
> > That implies being able to create root users. This has nothing to do
> > with Albert's scheme.
> >
> > A correct administration tool which has CAP_EDIT_PASSWD will prevent
> > creating root users unless CAP_GOD is set.

But my point is that the (privileged) security tools that allow an
operator to create users should prevent the operating from creating
root users. So it's a user space problem. It's completely orthogonal
from Albert's proposal.

Regards,

Richard....

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andre M. Hedrick: "Re: DMA disabled and busy errors"
Previous message: David Ford: "Re: Subject: Re: ext3 to include capabilities?"