I found an interesting paper about Linux capabilities and privilege escalation: http://dl.packetstormsecurity.net/papers/attack/exploiting_capabilities_the_dark_side.pdf
It explains how some capabilities can lead to a root shell. I commented out (removed) the capabilities for Shadow and Util-linux-ng because of a temp file race condition... Basically, umount, passwd, and other programs which create temporary files will create that file as the regular user (unless the program is suid), which allows the regular user to manipulate files such as /etc/mtab or /etc/shadow. For the moment suid-root is safer, but /bin/ping can keep using capabilities safely. robert
signature.asc
Description: This is a digitally signed message part.
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
