Re: capabilities PATCH

Michal Kosek (michau@august.V-LO.krakow.pl)
Wed, 7 Jun 2000 17:17:43 +0200 (CEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: James Sutherland: "Re: ULTRA ATA/100 announced"
Previous message: James Sutherland: "Re: ULTRA ATA/100 announced"
In reply to: Jesse Pollard: "Re: capabilities PATCH"
Next in thread: Jesse Pollard: "Re: capabilities PATCH"

> > And what about POSIX compliance? Do you think that it is good to modify
> > the behaviour of setuid() as I did? Please look at the patch:
> > ftp://ftp.v-lo.krakow.pl/pub/linux/patches/
> >
> What you are referring to as a problem is the use of the wrong sys call:

I know the behaviour of these syscalls. Problem is in other place:
creators of some programs think that their programs will be always run
with euid==0 (for example programs using svgalib). So they think that
after calling setuid() they drop all the privileges of previous uid.
Using my patch I can make some user capable to access ports, and his *uid
will be different than 0. So setuid() won't drop all his previous
privileges. And it may be dangerous.
Using other syscall doesn't solve the problem - you would have to modify
eg. all programs using svgalib! Changing the syscall is much easier, and I
think that now the things will be much logical...

Michal Kosek

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Sutherland: "Re: ULTRA ATA/100 announced"
Previous message: James Sutherland: "Re: ULTRA ATA/100 announced"
In reply to: Jesse Pollard: "Re: capabilities PATCH"
Next in thread: Jesse Pollard: "Re: capabilities PATCH"