Drawing lessons from fatal SELinux bug #1054350
Bruno Wolff III
bruno at wolff.to
Sat Jan 25 14:03:52 UTC 2014
On Fri, Jan 24, 2014 at 20:40:28 -0800,
Josh Stone <jistone at redhat.com> wrote:
>
>My point was not about what root can do. Suppose there's a vulnerable
>'sudo' binary that gives everyone a root shell. If that binary is
>available on any executable path, even readonly, that's trouble.
That isn't true. File systems can be mounted such that suid bits are
ignored. suid executables on such file systems are effectively just
normal executables.
More information about the devel
mailing list