| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTi=kxpFkQ86ZGd2_q+XFRm-nVWzw4g@mail.gmail.com> Date: Tue, 19 Apr 2011 00:02:17 +0900 From: crocket <crockabiscuit@...il.com> To: "Serge E. Hallyn" <serge@...lyn.com> Cc: linux-kernel@...r.kernel.org Subject: Re: Linux capabilities shouldn't be lost during setuid to non-root from root or to another non-root uid from a non-root uid. I have several questions. 1) How do I set SECBIT_NO_SETUID_FIXUP? 2) Is there any reason to unset SECBIT_NO_SETUID_FIXUP by default? On Mon, Apr 18, 2011 at 5:28 PM, Serge E. Hallyn <serge@...lyn.com> wrote: > Quoting crocket (crockabiscuit@...il.com): >> I don't like the fact that an application should be linux-specific to >> keep capabilities after setuid. >> If users added capabilities to a file, they would know what they were >> doing, and they would want applications to keep capabilities even >> after setuid. > > Alternatively, you could call the program using a wrapper which first > sets the SECBIT_NO_SETUID_FIXUP securebit, after which setuid would > not trigger any capability changes. > > -serge > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists