Re: [PATCH] Capabilities, this time in elf section
Horst von Brand (vonbrand@sleipnir.valparaiso.cl)
Sun, 11 Apr 1999 11:00:27 -0400
Gregory Maxwell <linker@z.ml.org> said:
> On Sat, 10 Apr 1999, Horst von Brand wrote:
> > Problem is that jschmoe can take a hex editor to any file she wants, and
> > make it "ALL CAPS" and then SUID it, or just wait for somebody capable to
> > run it. Even if she hasn't got the "set capability" cap. That's why
> > capabilities can not reside in the executable file itself. But if they are
> > in the filesystem, you need specialized tools that can recover/set them.
> > F.ex. tar(1), so you can create backups that preserve them, etc. Or you
> > forget about the dearly beloved Unix way of doing things, and get a
> > different set of tools...
> I was under the impression that caps in elf headers would only subtract
> from what the user already had. So this would only be an issue if the user
> could make the exec suid root.
Or get somebody capable running it. I.e, suspect that people are liable to
type "sl" for "ls", and hide an "sl" binary with all caps somewhere.
--
Horst von Brand vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Viņa del Mar, Chile +56 32 672616
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/