Re: leaving setfcap in docker containers

On Fri, Sep 27, 2013 at 07:33:28PM +0000, "Jóhann B. Guðmundsson" wrote:
> I don't have any security degrees nor do I consider myself an evil
> man and probably Steve and Dan would be better suited to answer this
> question since I'm far from being any expert on the subject but
> hypothetically would not someone being able to do something like
> this in this educational sample I'm providing

So, to cut out the code, what you're saying is that someone could use this
to create a binary which executes as effective root. This is true, but a)
one is actually running as root inside the container anyway and b) one can
just use full setuid. Additionally, this wouldn't let someone _not_ root in
the container set filesystem capabilities.

-- 
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
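
A check a container operator could run against the points in the message above, as an added example that is not part of the original thread: it reads the fields of /proc/<pid>/status that decide whether a process is already root, whether CAP_SETFCAP is available to it, and whether exec-time privilege gain (setuid bit or file capabilities) is switched off. The sample status text and the function names are constructed for illustration.

```python
# Capability bit numbers from <linux/capability.h>
CAP_SETUID = 7
CAP_SETFCAP = 31

# Constructed sample: a root process holding Docker's default capability set.
SAMPLE_STATUS = (
    "Name:\tsh\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\n"
    "CapBnd:\t00000000a80425fb\n"
    "NoNewPrivs:\t0\n"
)


def parse_status(text):
    """Turn 'Key:\\tvalue' lines from /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def has_cap(mask, bit):
    return bool((mask >> bit) & 1)


def assess(text):
    """Summarise the privilege-relevant facts for one process."""
    f = parse_status(text)
    euid = int(f["Uid"].split()[1])        # order: real, effective, saved, fs
    eff = int(f["CapEff"], 16)
    bnd = int(f["CapBnd"], 16)
    nnp = f.get("NoNewPrivs", "0") == "1"  # field is absent on older kernels
    return {
        "euid_root": euid == 0,
        "setfcap_effective": has_cap(eff, CAP_SETFCAP),
        "setfcap_in_bounding": has_cap(bnd, CAP_SETFCAP),
        "setuid_in_bounding": has_cap(bnd, CAP_SETUID),
        # With no_new_privs set, execve() grants nothing from setuid bits
        # or file capabilities (nosuid mounts are not visible in this file).
        "exec_can_raise_privs": not nnp,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_STATUS))
```

On a live system the same function can be fed the contents of /proc/1/status read from inside the container.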
