Vulnerability Development mailing list archives
RE: Ports 0-1023?
From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Sun, 7 Jul 2002 08:17:19 -0700
From: Kevin Easton [mailto:s3159795 () student anu edu au]
Sent: Saturday, July 06, 2002 10:07 AM
I think rather than a proliferation of filesystem "setcap" bits for executables, it's likely that a program would remain setuid root, but drop all unneeded capabilities as its first task when run (i.e., ping would drop all capabilities except CAP_NET_RAW).
Note, though, that this design creates new possibilities for security programming errors. Programmers used to the I-can-do-anything environment of traditional uid-0 execution, or programmers updating code written with that assumption, may unwittingly create new exposures by preventing a program from operating normally. It's similar to the kind of exposure that occasionally crops up in a privileged program that doesn't check the return code from a system call it assumes will always succeed. I think it was IBM's Julie Haugh who pointed that out to me in a discussion of AIX's "setpriv" syscall on comp.unix.aix some years ago.

That said, I'd prefer to see programs that retain only the specific privileges they need - but we need to remember that it's a different programming model than traditional uid-0 and requires care.

Michael Wojcik
Principal Software Systems Developer, Micro Focus
Department of English, Miami University
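The pattern discussed in this message, as an added example that is not part of the original post: a program that keeps only CAP_NET_RAW and then checks every call that used to be guaranteed under full uid-0. It assumes Linux and the raw `capget`/`capset` system calls; `drop_caps_except` and `enter_jail` are hypothetical names chosen for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Keep only capabilities in keep_mask (capability numbers 0-31) and drop the
 * rest. Returns 0 only when the drop succeeded and was verified, else -1. */
int drop_caps_except(unsigned int keep_mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    /* Intersect with the current sets: capset() may remove, never add. */
    data[0].effective &= keep_mask;
    data[0].permitted &= keep_mask;
    data[0].inheritable = 0;
    memset(&data[1], 0, sizeof data[1]);      /* capabilities 32 and up */
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;                            /* caller must treat as fatal */

    /* Read the sets back rather than assuming the call did its job. */
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    if ((data[0].effective | data[0].permitted) & ~keep_mask)
        return -1;
    return (data[1].effective | data[1].permitted) ? -1 : 0;
}

/* A step that always worked under full uid-0 (chroot needs CAP_SYS_CHROOT).
 * Once that capability is gone it fails, so the result has to be checked. */
int enter_jail(const char *dir)
{
    if (chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_caps_except(1u << CAP_NET_RAW) != 0) {
        perror("dropping capabilities");
        return 1;                             /* never continue privileged */
    }
    if (enter_jail("/") != 0)
        perror("enter_jail (expected: CAP_SYS_CHROOT was dropped)");
    return 0;
}
```

Code that ignored the result of `enter_jail` would carry on outside the jail it believes it entered, which is the kind of exposure the message describes.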