Re: Filesystem Capabilities in 2.6?

Ryan Anderson (ryan@michonline.com)
Sun, 3 Nov 2002 16:02:10 -0500


On Sun, Nov 03, 2002 at 12:51:40PM +0000, Alan Cox wrote:
> On Sun, 2002-11-03 at 04:20, Linus Torvalds wrote:
> > - do a complete "find" over the whole system to show that there is not a
> > single suid binary anywhere.
>
> Thats a hard problem. Since your scan is non atomic and because you have
> directory notifications a running processes can have the setuid apps can
> move the setuid bits around the file system to hide from you.

I'm fairly certain that Linus was imagining a pre-compromise
vulnerability assessment scan, not a post-compromise "figure out where
the new holes are" scan, honestly. (You don't even need to have
directory notifications, if you've got a process that is tormenting you
like that, find can just be setup to not report certain things, etc
etc.)

-- 

Ryan Anderson sometimes Pug Majere - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/