system file ownership

Jan Dvořák mordae at thirdcms.org
Mon Jun 4 00:29:21 PDT 2007


Robert Connolly wrote:
> The libcap-1.10/doc/capability.notes file says it's more secure for root to 
> not own any files on the system. It suggests having a 'system' user, who 
> never logs in, owning everything that root would normally own. This is true 
> to an extent...
Okay... Some random daemon running as root without root's fs caps gets 
cracked. There is /bin/su owned by root for sure, so he modifies it, 
makes it setuid again and then switches to some random uid and runs 
/bin/su that does what is required.

Would that work? How do you defend against this, if it does?



More information about the hlfs-dev mailing list