| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110418082838.GA30088@hallyn.com> Date: Mon, 18 Apr 2011 03:28:38 -0500 From: "Serge E. Hallyn" <serge@...lyn.com> To: crocket <crockabiscuit@...il.com> Cc: linux-kernel@...r.kernel.org Subject: Re: Linux capabilities shouldn't be lost during setuid to non-root from root or to another non-root uid from a non-root uid. Quoting crocket (crockabiscuit@...il.com): > I don't like the fact that an application should be linux-specific to > keep capabilities after setuid. > If users added capabilities to a file, they would know what they were > doing, and they would want applications to keep capabilities even > after setuid. Alternatively, you could call the program using a wrapper which first sets the SECBIT_NO_SETUID_FIXUP securebit, after which setuid would not trigger any capability changes. -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists