> To take the best of both I would like to suggest:
> 1. Use the sticky bit
> 2. Allow a mount option so that the sticky/caps bit is only
> honored if the executable is owned by root and writable only by
> root.
Lemme see, how easy would it be for a non-root user to create that...
1. Create ordinary binary by compiling as usual. Call it cracker for
the purposes of this text, and set it up to have the relevant caps
for some security hack you want to do.
2. Run the following commands, in the order specified:
chmod 4755 cracker
chown 0.0 cracker
I wonder what the result of that would be...
> This would allow the _sysadmin_ to decide if it is appropriate
> to get ride of the special meaning of UID 0.
> A caps-purist in a homogeneous environment could allow the
> sticky/caps bit used independent of an UID.
> A pragmatic person in a heterogeneous environment could restrict
> the caps-functionality in shared filesystems to files owned by
> UID 0.
> Comments?
It's a security risk that isn't worth taking, IMHO...
Best wishes from Riley.
+----------------------------------------------------------------------+
| There is something frustrating about the quality and speed of Linux |
| development, ie., the quality is too high and the speed is too high, |
| in other words, I can implement this XXXX feature, but I bet someone |
| else has already done so and is just about to release their patch. |
+----------------------------------------------------------------------+
* ftp://ftp.MemAlpha.cx/pub/rhw/Linux
* http://www.MemAlpha.cx/kernel.versions.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/