Steven Rostedt wrote: > On Wed, 2012-01-11 at 11:25 -0600, Will Drewry wrote: > > > Filter programs may _only_ cross the execve(2) barrier if last filter > > program was attached by a task with CAP_SYS_ADMIN capabilities in its > > user namespace. Once a task-local filter program is attached from a > > process without privileges, execve will fail. This ensures that only > > privileged parent task can affect its privileged children (e.g., setuid > > binary). > > This means that a non privileged user can not run another program with > limited features? How would a process exec another program and filter > it? I would assume that the filter would need to be attached first and > then the execv() would be performed. But after the filter is attached, > the execv is prevented? Ugly method: Using ptrace(), trap after the execve() and issue fake syscalls to install the filter. I feel dirty thinking it, in a good way. LD_PRELOAD has been suggested. It's not 100% reliable because not all executables are dynamic (on some uClinux platforms none of them are), but it will usually work. -- Jamie -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
