From: Muli Ben-Yehuda (mulix_at_nonexisting.hamakor.org.il)
Date: Tue 31 Aug 2004 - 14:00:06 IDT

On Tue, Aug 31, 2004 at 01:33:30PM +0300, Nadav Har'El wrote:
> On Tue, Aug 31, 2004, Nadav Har'El wrote about "Re: I'm not the process you think I am":
> > You can try doing this with Linux's little-known "capabilities" feature.
> > This allows you to have any user id, but with some of root's capabilities,
> > like binding any network address or writing any file (for example)
> > magically turned on. For your protection, you can even enable some capabilities
> > but not others.
>
> On second thought, while it's easy to have a root (uid 0) owned process
> with lesser privileges (useful for enhanced security), it's less clear how
> to use the "capabilities" mechanism to elevate the capabilities of a non-
> root process. capsetp (controlling another process) might not be allowed
> on standard kernels; and setuid et al. might clear all the capabilities
> while changing the uid :(

That's actually solvable, since in my scenario, I have a parent
process that's setuid 0, which can elevate the capabilities of the
target process after making it setuid user. But see my other mail on
why capabilities aren't a good solution at this stage.

Cheers,
Muli

--
Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/
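
The concern in the quoted text, that changing uid clears capabilities, shown as an added example (not code from this thread): a root process sets PR_SET_KEEPCAPS before setuid() and then re-raises one capability. The helper names, uid/gid 65534 and the choice of CAP_NET_BIND_SERVICE are assumptions, and it covers a process changing its own uid, not one process setting another's capabilities.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Mask bit for a capability numbered 0..31 (first 32-bit word). */
static uint32_t cap_bit(int cap) { return (uint32_t)1 << cap; }

/* Read this process's effective and permitted sets (low word). */
static int read_caps(uint32_t *eff, uint32_t *prm) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = { {0} };
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    *eff = d[0].effective;
    *prm = d[0].permitted;
    return 0;
}

/* Called as root: become uid/gid but keep only the capabilities in `keep`. */
static int drop_root_keep_caps(uid_t uid, gid_t gid, uint32_t keep) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = { {0} };
    /* Without this flag the uid change below clears every capability. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Permitted survived, effective was cleared: re-raise only `keep`
       and shrink permitted to the same set; inheritable stays empty. */
    d[0].permitted = keep;
    d[0].effective = keep;
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

int main(void) {
    uint32_t eff, prm;
    if (geteuid() != 0) { puts("run as root to see the drop"); return 0; }
    /* 65534 is an assumed unprivileged uid/gid ("nobody" on many systems). */
    if (drop_root_keep_caps(65534, 65534, cap_bit(CAP_NET_BIND_SERVICE)) != 0) {
        perror("drop_root_keep_caps");
        return 1;
    }
    if (read_caps(&eff, &prm) != 0) return 1;
    printf("uid=%d effective=0x%x permitted=0x%x\n", (int)getuid(), eff, prm);
    return 0;
}
```

Run as root, it should report the unprivileged uid with both sets equal to 0x400; the KEEPCAPS flag is also reset by the kernel on execve().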