RemoveSETUID feature (Was: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!)
Miloslav Trmač
mitr at volny.cz
Tue Dec 21 21:37:44 UTC 2010
Colin Walters píše v Út 21. 12. 2010 v 11:47 -0500:
> "But they still have uid 0, which typical system installation allows
> root to do things. For example, /bin/sh is 0755 and /bin is also 0755
> perms. A disarmed root process can still trojan a system. But what if
> we got rid of all the read/write permissions for root?"
>
> So...right, "we can do these small changes, and then if we do this BIG
> CHANGE, it all works!". But this feature doesn't include BIG CHANGE,
> and there are no plans to, right?
No. The original plans didn't count with the fact that changing
permissions by owner does not require any capabilities either.
If an attacker were controlling a process running with uid 0 and no
capabilities at all, and /bin/sh were 0555, nothing prevents the
attacker from chmod()ing /bin/sh to 0755 and overwriting it. This makes
any attempts to change the file permissions rather pointless.
Mirek
More information about the devel
mailing list