oss-sec mailing list archives
Re: CVE-NONE kernel: PHONET signedness issue
From: Michael Gilbert <michael.s.gilbert () gmail com>
Date: Thu, 6 Jan 2011 13:29:34 -0500
On Thu, 6 Jan 2011 13:08:59 -0500, Dan Rosenberg wrote:
> This is a slippery slope. I'm in favor of not having a CVE assigned for this issue. Otherwise, wouldn't we need a CVE for every vector that allows transitioning from various capabilities to root? The capability system may be poorly designed to allow such transitions, but I don't think they represent unexpected behavior.
What's the point of a capabilities system if it's equivalent to root in the majority of cases anyway? For file access/operations, there is always sudo and the /etc/sudoers file for making it easy to access stuff that's accessed often without a password. For port binding, the capabilities system makes sense; and according to Brad Spengler's list, those caps don't appear to be root equivalent so that could stay. Otherwise, I don't see the point.

I'm not sure if there is a written security model for the capabilities system, but this looks to me like it would be a violation of it.

Best wishes,
Mike