2010/12/21 Miloslav TrmaÄ <mitr@xxxxxxxx>: > If an attacker were controlling a process running with uid 0 and no > capabilities at all, and /bin/sh were 0555, nothing prevents the > attacker from chmod()ing /bin/sh to 0755 and overwriting it. ÂThis makes > any attempts to change the file permissions rather pointless. Ah, of course. That makes sense, thanks! But it leaves me feeling pretty uncertain about the value of trying to subset capabilities... -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
