RE: Potential future capabilities hole!!

Jeremy Fitzhardinge (jeremy@goop.org)
Mon, 07 Jun 1999 19:25:53 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: H. Peter Anvin: "Re: Migrating to larger numbers"
Previous message: Jens Axboe: "Re: Can't play audio CD's with ide-scsi"

On 08-Jun-99 Chris Evans wrote:
> I just noticed that the kernel executes "modprobe" with _all_ capabilities
> raised.
>
> This might cause headache in the future, when we can run without a root
> user (and/or ban certain capabilities from ANYONE on the system), because
>
> 1) The user owning the "modprobe" binary will be able to take over the
> system

Yep, because modprobe puts new code in the kernel, where it can do anything
it likes. If you don't trust modprobe, there's not a lot you can do.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: H. Peter Anvin: "Re: Migrating to larger numbers"
Previous message: Jens Axboe: "Re: Can't play audio CD's with ide-scsi"