[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: More PATH fallout. Who decided this was a good idea?



On Saturday 06 December 2008 12:58:11 Joe Nall wrote:
> > Because if they didn't type --help, we are going to have to log the  
> > attempted compromise. Sending an audit event requires CAP_AUDIT_WRITE. You
> > have to be setuid root from the beginning or not at all.
>
> Can't a non-root user audit now that we have file system capabilities?

Yes, but so far the only test we tried was soundly rejected by the Fedora 
community. So, I think this is a non-starter. If we couldn't do ping, we 
definitely can't do shadow-utils.

But even if we did use the filesystem capabilities, now you have a program with 
elevated privileges and much more work has to be done to prove that its safe, 
document its internal logic, and test its protection. Any program with file 
system capabilities becomes a target for attack.

And all this work just for --help ?  Seriously.

-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]