> Problem is that jschmoe can take a hex editor to any file she wants, and
> make it "ALL CAPS" and then SUID it, or just wait for somebody capable to
> run it. Even if she hasn't got the "set capability" cap. That's why
> capabilities can not reside in the executable file itself. But if they are
> in the filesystem, you need specialized tools that can recover/set them.
> F.ex. tar(1), so you can create backups that preserve them, etc. Or you
> forget about the dearly beloved Unix way of doing things, and get a
> different set of tools...
I was under the impression that caps in elf headers would only subtract
from what the user already had. So this would only be an issue if the user
could make the exec suid root.
> Also note that the capability to write to raw disk is in essence equivalent
> to the current root power in both schemes.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/