On 10/01/2013 01:27 PM, Matthew Miller wrote:
On Fri, Sep 27, 2013 at 07:33:28PM +0000, "Jóhann B. Guðmundsson" wrote:
I dont have any security degrees nor do I consider myself an evil
man and probably Steve and Dan would be better suited to answer this
question since I'm far from being any expert on the subject but
hypothetically would not someone being able to do something like
this in this educational sample I'm providing
So, to cut out the code, what you're saying is that someone could use this
to create a binary which executes as effective root. This is true, but a)
one is actually running as root inside the container anyway and b) one can
just use full setuid. Additionally, this wouldn't let someone _not_ root in
the container set filesystem capabilities.
Actually the code I posted creates backdoor to give an user who runs it
the ability to gain root privileges via setcap ( setcap cap_setuid=ep
.b ).
I intentionally left out the part how you gain superuser, big
capabilities, etc to insert it in the first place ( let's not give nsa
any more bright ideas )
JBG
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
