Drawing lessons from fatal SELinux bug #1054350

Bruno Wolff III bruno at wolff.to
Sat Jan 25 14:03:52 UTC 2014

On Fri, Jan 24, 2014 at 20:40:28 -0800,
   Josh Stone <jistone at redhat.com> wrote:
>My point was not about what root can do.  Suppose there's a vulnerable
>'sudo' binary that gives everyone a root shell.  If that binary is
>available on any executable path, even readonly, that's trouble.

That isn't true. File systems can be mounted such that suid bits are 
ignored. suid executables on such file systems are effectively just 
normal executables.

More information about the devel mailing list