--- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:

> Quoting Casey Schaufler ([EMAIL PROTECTED]):
> >
> > --- "Serge E. Hallyn" <[EMAIL PROTECTED]> wrote:
> >
> > > ...
> > > The other is that root can lose capabilities by executing files with
> > > only some capabilities set. The next two patches change these
> > > behaviors.
> >
> > It was the intention of the POSIX group that
> > capabilities be independent of uid. I would
> > argue that the old behavior was correct, that
> > a program marked to lose a capability ought
> > to even if the uid is 0.
>
> Agreed, and if SECURE_NOROOT is set, that is what happens.
> But by default SECURE_NOROOT is not set, in which case Linux's
> implementation of capabilities behaves differently for root.
>
> Without this latest patch, with SECURE_NOROOT not set, what was
> actually happening was that the kernel behaved as though
> SECURE_NOROOT was not set so long as there was no
> security.capability xattr, and always behaved as though
> SECURE_NOROOT was set if there was an xattr. That's inconsistent
> and confusing behavior.
>
> The worst part is that root can get around running the code
> with limited caps by just copying the file and running the
> copy. So it adds no security benefit, and adds an
> inconsistency/complication which could cause security risks.

OK, no worries then.

Casey Schaufler
[EMAIL PROTECTED]
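
A simplified model of the exec-time behaviour described in the quoted explanation, as an added example that is not part of the original messages or of the kernel patch. The exec rule is the one documented in capabilities(7); the struct names, the `scenario()` helper and the sample file are assumptions constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>

typedef uint64_t capset_t;
#define CAP_FULL ((capset_t)~0ULL)
#define CAP_NET_BIND_SERVICE_BIT ((capset_t)1 << 10) /* capability number 10 */

struct file_caps { bool has_xattr; capset_t permitted, inheritable; };
struct task { unsigned euid; capset_t inheritable, bounding; };

/* Assumed exec rule (capabilities(7)): pP' = (fP & bounding) | (fI & pI). */
static capset_t combine(const struct task *t, capset_t fP, capset_t fI)
{
    return (fP & t->bounding) | (fI & t->inheritable);
}

/* Behaviour called inconsistent above: an xattr switches the root rule off. */
capset_t permitted_before(const struct task *t, const struct file_caps *f, bool noroot)
{
    if (f->has_xattr)
        return combine(t, f->permitted, f->inheritable);
    if (t->euid == 0 && !noroot)
        return combine(t, CAP_FULL, CAP_FULL);
    return 0;
}

/* Behaviour after the change: only SECURE_NOROOT decides if root is special. */
capset_t permitted_after(const struct task *t, const struct file_caps *f, bool noroot)
{
    if (t->euid == 0 && !noroot)
        return combine(t, CAP_FULL, CAP_FULL);
    return f->has_xattr ? combine(t, f->permitted, f->inheritable) : 0;
}

/* Constructed case: root execs a file marked with one capability, or a copy
 * of that file which no longer carries the security.capability xattr. */
capset_t scenario(bool after, bool is_copy, bool noroot)
{
    struct task root = { .euid = 0, .inheritable = 0, .bounding = CAP_FULL };
    struct file_caps f = { !is_copy, is_copy ? 0 : CAP_NET_BIND_SERVICE_BIT, 0 };
    return after ? permitted_after(&root, &f, noroot) : permitted_before(&root, &f, noroot);
}

int main(void)
{
    printf("before: marked=%#" PRIx64 " copy=%#" PRIx64 "\n", scenario(0, 0, 0), scenario(0, 1, 0));
    printf("after:  marked=%#" PRIx64 " copy=%#" PRIx64 "\n", scenario(1, 0, 0), scenario(1, 1, 0));
    return 0;
}
```

In the "before" model the marked file and its copy give root different permitted sets unless SECURE_NOROOT is set, which is the inconsistency the quoted message describes; in the "after" model the two agree whenever SECURE_NOROOT is clear.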

