capabilities and privilege escalation
robert at linuxfromscratch.org
Sun Aug 21 00:38:30 PDT 2011
I found an interesting paper about Linux capabilities and privilege
It explains how some capabilities can lead to a root shell. I commented out
(removed) the capabilities for Shadow and Util-linux-ng because of a temp file
Basically, umount, passwd, and other programs which create temporary files will
create that file as the regular user (unless the program is suid), which allows
the regular user to manipulate files such as /etc/mtab or /etc/shadow.
For the moment suid-root is safer, but /bin/ping can keep using capabilities