Date: Tue, 21 Apr 2015 20:38:53 +0100
From: Matthew Garrett
To: "Eric W. Biederman"
Cc: Tom Gundersen, Jiri Kosina, Greg Kroah-Hartman, Andy Lutomirski, Linus Torvalds, Andrew Morton, Arnd Bergmann, One Thousand Gnomes, "linux-kernel@vger.kernel.org", Daniel Mack, David Herrmann, Djalal Harouni
Subject: Re: [GIT PULL] kdbus for 4.1-rc1

On Tue, Apr 21, 2015 at 11:36:54AM -0500, Eric W. Biederman wrote:
>
> HeHeHe. You mean all I need to do to get around all of the logging servers is
> capture CAP_SYS_BOOT? Say like just capture this crazy watchdog program
> that doesn't run as root so that it can only reboot the system?
>
> HeHeHe
>
> So I can just trigger a clean reboot wait for journald, auditd, and
> syslog all to shut down and then do evil things to the machine without
> having to worry about erasing forensic evidence?

CAP_SYS_BOOT gives you kexec, and kexec with init=/bin/sh lets you do
anything. You added that in dc009d92435f99498cbc579ce76bf28e837e2c14 and
now the horse is long gone. Don't give CAP_SYS_BOOT to anything you
don't trust with full privileges.

--
Matthew Garrett | mjg59@srcf.ucam.org
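
A defender-side check for the advice in the message above, added here as an example and not part of the thread: it reads the capability masks in `/proc/<pid>/status` and lists processes that hold CAP_SYS_BOOT without running as root. The sample process names, PIDs and UIDs are constructed for illustration.

```python
import glob

CAP_SYS_BOOT = 22  # bit index from linux/capability.h; gates reboot(2) and kexec_load(2)
DIRECT_SETS = ("CapPrm", "CapEff")  # sets a process can use without an exec

def parse_status(text):
    """Extract name, effective UID and capability masks from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    uids = fields.get("Uid", "").split()  # real, effective, saved, filesystem
    caps = {k: int(fields[k], 16) for k in DIRECT_SETS if k in fields}
    return fields.get("Name", "?"), int(uids[1]) if len(uids) > 1 else None, caps

def non_root_sys_boot(statuses):
    """Return (pid, name, euid, sets) for non-root processes holding CAP_SYS_BOOT."""
    bit = 1 << CAP_SYS_BOOT
    hits = []
    for pid, text in sorted(statuses.items()):
        name, euid, caps = parse_status(text)
        held = [s for s in DIRECT_SETS if caps.get(s, 0) & bit]
        if held and euid != 0:
            hits.append((pid, name, euid, held))
    return hits

def read_proc():
    """Collect status text for every live process; ones that exit mid-scan are skipped."""
    statuses = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                statuses[path.split("/")[2]] = fh.read()
        except OSError:
            continue
    return statuses

# Constructed sample input (not from the thread): a root daemon, a non-root
# watchdog granted only CAP_SYS_BOOT, and an unprivileged shell.
SAMPLE = {
    "1": "Name:\tsystemd\nUid:\t0\t0\t0\t0\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n",
    "812": "Name:\twatchdogd\nUid:\t998\t998\t998\t998\nCapPrm:\t0000000000400000\nCapEff:\t0000000000400000\n",
    "2044": "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n",
}

if __name__ == "__main__":
    for hit in non_root_sys_boot(read_proc() or SAMPLE):
        print(hit)
```

The masks in `/proc/<pid>/status` are relative to the process's user namespace, so a hit inside an unprivileged user namespace needs a second look before it is treated as host-level CAP_SYS_BOOT.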