oss-sec mailing list archives
Re: filesystem capabilities
From: Kees Cook <kees () ubuntu com>
Date: Wed, 10 Nov 2010 10:01:28 -0800
On Mon, Nov 08, 2010 at 12:37:35PM +0100, Sebastian Krahmer wrote:
To me it looks like an error condition where you should die() if you see +s root AND fscaps applied.
Right now the kernel will only apply the caps and will ignore the setuid bit, actually, if both are seen: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=b5f22a59c0356655a501190959db9f7f5dd07e3f -Kees -- Kees Cook Ubuntu Security Team
Current thread:
- filesystem capabilities Solar Designer (Nov 07)
- Re: filesystem capabilities Ludwig Nussel (Nov 08)
- Re: filesystem capabilities Sebastian Krahmer (Nov 08)
- Re: filesystem capabilities Kees Cook (Nov 10)
- Re: filesystem capabilities Sebastian Krahmer (Nov 08)
- Re: filesystem capabilities yersinia (Nov 08)
- Re: filesystem capabilities James Morris (Nov 08)
- <Possible follow-ups>
- Re: filesystem capabilities Steve Grubb (Nov 08)
- Re: filesystem capabilities Steve Grubb (Nov 08)
- Re: filesystem capabilities Kees Cook (Nov 10)
- Re: filesystem capabilities Steve Grubb (Nov 10)
- Re: filesystem capabilities Kees Cook (Nov 10)
- Re: filesystem capabilities Steve Grubb (Nov 10)
- Re: filesystem capabilities Kees Cook (Nov 18)
- Re: filesystem capabilities Daniel J Walsh (Nov 18)
- Re: filesystem capabilities Kees Cook (Nov 10)
- Re: filesystem capabilities Ludwig Nussel (Nov 08)