Re: RemoveSETUID feature (Was: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

2010/12/21 Miloslav TrmaÄ:
If an attacker were controlling a process running with uid 0 and no
capabilities at all, and /bin/sh were 0555, nothing prevents the
attacker from chmod()ing /bin/sh to 0755 and overwriting it. ÂThis makes
any attempts to change the file permissions rather pointless.

You don't even need to change permissions for root to be able to delete or change the contents of the directory.

Dick
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux