system file ownership
mordae at thirdcms.org
Mon Jun 4 00:29:21 PDT 2007
Robert Connolly wrote:
> The libcap-1.10/doc/capability.notes file says it's more secure for root to
> not own any files on the system. It suggests having a 'system' user, who
> never logs in, owning everything that root would normally own. This is true
> to an extent...
Okay... Some random daemon running as root without root's fs caps gets
cracked. There is /bin/su owned by root for sure, so he modifies it,
makes it setuid again and then switches to some random uid and runs
/bin/su that does what is required.
Would that work? How do you defend against this, if it does?
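A defender-side check for the situation this message describes, as an added example that is not part of the original thread: it lists set-id files that a given uid controls through plain ownership, which is access that dropping filesystem capabilities does not take away. The function names and the sample tree are constructed for illustration; in the thread's scenario the uid to check would be 0.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID

def owner_controlled_setid(root, uid):
    """List set-id regular files under `root` that `uid` can alter through
    ordinary ownership alone, i.e. without CAP_DAC_OVERRIDE or CAP_FOWNER."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        dir_uid = os.lstat(dirpath).st_uid
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & SETID:
                continue
            if st.st_uid == uid:
                # The owner may chmod the file, rewrite it, and set the bit again.
                findings.append((path, "file owned by uid"))
            elif dir_uid == uid:
                # The directory owner may unlink the entry and create a new one.
                findings.append((path, "parent directory owned by uid"))
    return findings

def build_sample_tree():
    """Constructed sample: one set-uid file and one plain file, both owned
    by the invoking user, in a fresh temporary directory."""
    root = tempfile.mkdtemp(prefix="setid-audit-")
    for name, mode in (("su-like", 0o4755), ("plain", 0o755)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    # On a real system: owner_controlled_setid("/", 0) for the thread's scenario.
    tree = build_sample_tree()
    for path, reason in owner_controlled_setid(tree, os.getuid()):
        print(f"{path}: {reason}")
```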