2008-08-08 10:32:02

by Markku Savela

Subject: Radical idea? Remove all automatic privilege escalation based on executable file attributes!


That is, remove

- setuid/setgid feature from Linux

- cancel the capability attributes in files (or only allow
downgrading of capabilities)

(e.g. mount everything as nosuid or something, but eventually, the
code could be removed from the kernel)

The only way to escalate privileges would be to request starting of
the executable by some daemon (like upstart), which would grant or
deny the request based totally on some user space policies.

If granted,

- would fork
- child would setup the specified credentials to self
- execve (or equivalent)
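The grant-then-fork / set-credentials / execve sequence sketched above, written out as an added example. This is not code from the thread and not the code of upstart or any other daemon; the policy table and its rows, the request shape, and the function names (policy_lookup, setup_credentials, broker_run) are assumptions made for illustration, and it relies on the Linux setresuid/getresuid family. The part a practitioner most wants to see is the child's credential switch: supplementary groups and gid are dropped before the uid (they need the privilege the uid drop gives away), all three ids are verified afterwards, and the child refuses to exec if anything did not take.

```c
/* Added example (not from the thread): a minimal user-space privilege
 * broker. A request names a requester uid and an absolute path; policy
 * decides whether, and under which credentials, the path may run.
 * Function names and the policy table are assumptions for illustration. */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* One row of the user-space policy (constructed sample shape). */
struct policy_rule {
    uid_t requester;    /* uid that is allowed to ask */
    uid_t target_uid;   /* credentials the child will run with */
    gid_t target_gid;
    const char *path;   /* absolute path of the executable */
};

/* Return the matching rule, or NULL when policy denies the request.
 * Only absolute paths are accepted, so the broker, not the caller's
 * working directory or PATH, decides what actually gets executed. */
const struct policy_rule *policy_lookup(const struct policy_rule *table, size_t n,
                                        uid_t requester, const char *path)
{
    if (path == NULL || path[0] != '/')
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (table[i].requester == requester && strcmp(table[i].path, path) == 0)
            return &table[i];
    return NULL;
}

/* Switch the calling process to the target credentials and verify it.
 * Order matters: groups and gid first, because changing them needs the
 * privilege that setresuid() gives away. Returns 0 on success, -1 on any
 * failure; the caller must then abort and never exec. */
int setup_credentials(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    /* Supplementary groups can only be cleared with privilege. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    /* Verify all three ids, including the saved ones: a leftover saved
     * uid would let the child switch back with a plain setuid(). */
    if (getresuid(&ru, &eu, &su) != 0 || ru != uid || eu != uid || su != uid)
        return -1;
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid)
        return -1;
    return 0;
}

/* Grant or deny, then fork; the child sets credentials and execs with a
 * fixed minimal environment. Returns the child's exit status, -1 if
 * policy denies, -2 if fork()/waitpid() fails. 127 means the child could
 * not switch credentials or could not exec. */
int broker_run(const struct policy_rule *table, size_t n,
               uid_t requester, const char *path, char *const argv[])
{
    const struct policy_rule *rule = policy_lookup(table, n, requester, path);
    if (rule == NULL)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -2;
    if (pid == 0) {
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        if (setup_credentials(rule->target_uid, rule->target_gid) != 0)
            _exit(127);
        execve(path, argv, envp);
        _exit(127);   /* execve() only returns on failure */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -2;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(void)
{
    /* Constructed policy: the current user may run /bin/sh as itself. */
    struct policy_rule self = { getuid(), getuid(), getgid(), "/bin/sh" };
    char *const argv[] = { "sh", "-c", "id -u", NULL };
    int rc = broker_run(&self, 1, getuid(), "/bin/sh", argv);
    printf("broker_run returned %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Run unprivileged, the credential switch is a no-op that still succeeds; only a broker running with CAP_SETUID and CAP_SETGID can actually move a child to another uid, which is exactly why this one process becomes the thing worth auditing once file-based setuid is gone.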


2008-08-08 11:01:31

by Johannes Weiner

Subject: Re: Radical idea? Remove all automatic privilege escalation based on executable file attributes!

Hi,

Markku Savela <[email protected]> writes:

> That is, remove
>
> - setuid/setgid feature from Linux
>
> - cancel the capability attributes in files (or only allow
> downgrading of capabilities)
>
> (e.g. mount everything as nosuid or something, but eventually, the
> code could be removed from the kernel)
>
> The only way to escalate privileges would be to request starting of
> the executable by some daemon (like upstart), which would grant or
> deny the request based totally on some user space policies.

Let's just hope then that this central facility is not buggy itself.
Because if that were the only way to acquire privileges as a
non-privileged user, it is likely that every machine runs it.

As opposed to a bug in one setuid program that not everyone is even
guaranteed to have installed.

Hannes