Re: caps in elf headers: use the sticky bit!

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Dimitris Michailidis: "PATCH to make all CPUs pick up a new profiling frequency"
• Previous message: Richard Gooch: "Re: [PATCH] Capabilities, this time in elf section"
• Maybe in reply to: David L. Parsley: "caps in elf headers: use the sticky bit!"
• Next in thread: Al Lipscomb: "Re: caps in elf headers: use the sticky bit!"
• Reply: Al Lipscomb: "Re: caps in elf headers: use the sticky bit!"

[...]

> If you use the sticky bit for this purpose, a similar situation
> can happen: a normal user sets the sticky bit for a file when running
> an old kernel where it isn't restricted and then the file becomes
> privileged after switching kernels. This can be solved by ignoring
> the sticky bit on files not owned by root.

And you are back to square one: root is still very special, no SUID
<whatever> binaries allowed.

This stuff _has_ to go into the filesystem, no other scheme would work.

-- 
Horst von Brand                             vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Viņa del Mar, Chile                               +56 32 672616


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Dimitris Michailidis: "PATCH to make all CPUs pick up a new profiling frequency"
• Previous message: Richard Gooch: "Re: [PATCH] Capabilities, this time in elf section"
• Maybe in reply to: David L. Parsley: "caps in elf headers: use the sticky bit!"
• Next in thread: Al Lipscomb: "Re: caps in elf headers: use the sticky bit!"
• Reply: Al Lipscomb: "Re: caps in elf headers: use the sticky bit!"