Quoting Aaron Jones ([email protected]):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I have isolated the problem. File capabilities are not assigned when
> the program being executed is located on a filesystem mounted with
> the "nosuid" option.
>
> This seems counter-intuitive; a fully capability-based system would
> not use setuid binaries...

Not strictly true. setuid really just means 'change uid'. The fact
that it can also raise/lower capability sets just muddles the issue.
If you want that behavior stopped you can do so using
SECBIT_NO_SETUID_FIXUP.

> so a logical thing to do would be to
> prevent the setuid bits from doing anything, which is what the
> nosuid flag is for, no?
>
> Or am I missing something?
>
> Can we get a config flag to toggle this behaviour?

I think generally when people mount nosuid it is to prevent an
untrusted source (usb stick, whatever) from providing an untrusted
but privileged program. Be that through setuid-root binaries or
file capabilities.

-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
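The thread above describes two reasons a binary carrying file capabilities may not get them at exec: the filesystem is mounted nosuid, or the process has SECBIT_NO_SETUID_FIXUP set so uid changes no longer adjust the capability sets. The following is an added diagnostic example written for this page; it is not code from the thread participants or from the kernel. It decodes the raw `security.capability` xattr (the `struct vfs_cap_data` layout from the kernel's uapi capability.h), checks the mount flags of the filesystem holding the binary with statvfs(), and reads the process securebits with prctl(PR_GET_SECUREBITS). The 20-byte sample blob for `cap_net_raw=ep` is constructed for the test; the fallback value of SECBIT_NO_SETUID_FIXUP is bit 2, matching linux/securebits.h.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/statvfs.h>
#include <sys/xattr.h>

/* Layout of the security.capability xattr (struct vfs_cap_data /
 * vfs_ns_cap_data in include/uapi/linux/capability.h): a little-endian
 * magic/flags word, then (permitted, inheritable) u32 pairs covering the
 * low and (rev 2/3) high 32 capability bits; revision 3 appends a rootid. */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_1      0x01000000u
#define VFS_CAP_REVISION_2      0x02000000u
#define VFS_CAP_REVISION_3      0x03000000u
#define VFS_CAP_FLAGS_EFFECTIVE 0x00000001u

#ifndef SECBIT_NO_SETUID_FIXUP
#define SECBIT_NO_SETUID_FIXUP (1 << 2)   /* SECURE_NO_SETUID_FIXUP */
#endif

struct filecaps {
    unsigned revision;      /* 1, 2 or 3 */
    uint64_t permitted;
    uint64_t inheritable;
    int effective;          /* VFS_CAP_FLAGS_EFFECTIVE set (the "e" in "=ep") */
    uint32_t rootid;        /* revision 3 only, otherwise 0 */
};

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode a raw security.capability blob. Returns 0 on success, -1 if the
 * blob is truncated or of an unknown revision (out is untouched then). */
int decode_filecaps(const unsigned char *buf, size_t len, struct filecaps *out)
{
    if (len < 4) return -1;
    uint32_t magic = le32(buf);
    uint32_t rev = magic & VFS_CAP_REVISION_MASK;
    int nwords;
    if (rev == VFS_CAP_REVISION_1) nwords = 1;
    else if (rev == VFS_CAP_REVISION_2 || rev == VFS_CAP_REVISION_3) nwords = 2;
    else return -1;
    size_t need = 4 + (size_t)nwords * 8 + (rev == VFS_CAP_REVISION_3 ? 4 : 0);
    if (len < need) return -1;

    memset(out, 0, sizeof *out);
    out->revision = rev >> 24;
    out->effective = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    for (int i = 0; i < nwords; i++) {
        out->permitted   |= (uint64_t)le32(buf + 4 + i * 8)     << (32 * i);
        out->inheritable |= (uint64_t)le32(buf + 4 + i * 8 + 4) << (32 * i);
    }
    if (rev == VFS_CAP_REVISION_3)
        out->rootid = le32(buf + 4 + nwords * 8);
    return 0;
}

/* Constructed sample: what getcap reports as "cap_net_raw=ep" (rev 2,
 * effective flag set, CAP_NET_RAW = bit 13 permitted, nothing inheritable). */
static const unsigned char sample_net_raw_ep[20] = {
    0x01, 0x00, 0x00, 0x02,   /* magic_etc = VFS_CAP_REVISION_2 | EFFECTIVE */
    0x00, 0x20, 0x00, 0x00,   /* permitted[0]   = 1 << 13 */
    0x00, 0x00, 0x00, 0x00,   /* inheritable[0] = 0 */
    0x00, 0x00, 0x00, 0x00,   /* permitted[1]   = 0 */
    0x00, 0x00, 0x00, 0x00,   /* inheritable[1] = 0 */
};

struct filecaps decode_sample_net_raw_ep(void)
{
    struct filecaps fc;
    decode_filecaps(sample_net_raw_ep, sizeof sample_net_raw_ep, &fc);
    return fc;
}

/* 1 if the filesystem holding path is mounted nosuid, 0 if not, -1 on error. */
int fs_is_nosuid(const char *path)
{
    struct statvfs st;
    if (statvfs(path, &st) != 0) return -1;
    return (st.f_flag & ST_NOSUID) ? 1 : 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s /path/to/binary\n", argv[0]); return 2; }
    const char *path = argv[1];
    unsigned char raw[64];
    struct filecaps fc;
    ssize_t n = getxattr(path, "security.capability", raw, sizeof raw);
    if (n < 0)
        printf("%s: no security.capability xattr (%s)\n", path, strerror(errno));
    else if (decode_filecaps(raw, (size_t)n, &fc) == 0)
        printf("%s: v%u permitted=%#llx inheritable=%#llx effective=%d rootid=%u\n", path,
               fc.revision, (unsigned long long)fc.permitted,
               (unsigned long long)fc.inheritable, fc.effective, fc.rootid);
    else
        printf("%s: unrecognised security.capability blob (%zd bytes)\n", path, n);
    if (fs_is_nosuid(path) == 1)
        printf("filesystem is mounted nosuid: file capabilities are not applied at exec\n");
    int sb = prctl(PR_GET_SECUREBITS);
    if (sb >= 0 && (sb & SECBIT_NO_SETUID_FIXUP))
        printf("SECBIT_NO_SETUID_FIXUP is set: uid changes will not adjust capability sets\n");
    return 0;
}
```

Run it against the binary that is unexpectedly unprivileged (e.g. `./fcapcheck /media/usb/bin/ping`); if the xattr decodes fine but the nosuid line prints, the mount option rather than the capability set is the cause, which is the behaviour the thread describes.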

