It is ok if suid binaries do what they are privileged to. But it is not ok
if unprivileged users do what they want using privileges of those suid
binaries.
Controlling quota is not a user-space task. The kernel should perform some
additional checks before allowing a suid binary to write to a file descriptor
that is inherited from an unprivileged user process.
A good solution is to check the process's CAP_SYS_RESOURCE capability when the
file descriptor is opened (just like CAP_DAC_OVERRIDE and
others are checked).
_________________________________________________________________
Wojciech Purczyński | Security Officer | http://cliph.linux.pl/
-----------------------------------------------------------------
Murphy's law says that there is always one more bug...
...but he forgot to mention whether it is exploitable.
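The situation the message above describes, as an added user-space model that is not code from the original post or from the kernel: an over-quota unprivileged user opens a file, execs a suid-root program that inherits the descriptor, and the program writes to it. The model contrasts deciding the CAP_SYS_RESOURCE exemption at write time (the writer's credentials, which the suid program has) with recording it at open time (the opener's credentials, which the user lacks), as the post proposes. The capability bit layout, the fd table, the quota struct and the function names are all assumed simplifications, not the kernel's real structures.

```c
#include <stdbool.h>
#include <stdio.h>

#define CAP_SYS_RESOURCE_BIT (1u << 0)   /* assumed bit layout, not the kernel's */
#define MAX_FDS 16

struct task  { const char *name; unsigned caps; };
struct quota { long used; long hard_limit; };

/* One entry per open file: the opener's CAP_SYS_RESOURCE is remembered here. */
struct open_file { bool in_use; bool opener_exempt; };

static struct open_file fd_table[MAX_FDS];

/* open(2) model: allocate a descriptor and record the opener's capability. */
int model_open(const struct task *opener)
{
    for (int fd = 0; fd < MAX_FDS; fd++) {
        if (!fd_table[fd].in_use) {
            fd_table[fd].in_use = true;
            fd_table[fd].opener_exempt = (opener->caps & CAP_SYS_RESOURCE_BIT) != 0;
            return fd;
        }
    }
    return -1;
}

void model_close(int fd)
{
    if (fd >= 0 && fd < MAX_FDS)
        fd_table[fd].in_use = false;
}

/* Shared accounting: charge nbytes unless exempt; -1 stands for EDQUOT. */
static long charge(struct quota *q, long nbytes, bool exempt)
{
    if (!exempt && q->used + nbytes > q->hard_limit)
        return -1;
    q->used += nbytes;
    return nbytes;
}

/* Policy A (what the post objects to): exemption decided by the caller's caps at write time. */
long write_check_at_write(int fd, const struct task *writer, struct quota *q, long nbytes)
{
    if (fd < 0 || fd >= MAX_FDS || !fd_table[fd].in_use)
        return -1;
    return charge(q, nbytes, (writer->caps & CAP_SYS_RESOURCE_BIT) != 0);
}

/* Policy B (what the post proposes): exemption fixed when the fd was opened. */
long write_check_at_open(int fd, const struct task *writer, struct quota *q, long nbytes)
{
    (void)writer;   /* the writer's own caps are deliberately ignored */
    if (fd < 0 || fd >= MAX_FDS || !fd_table[fd].in_use)
        return -1;
    return charge(q, nbytes, fd_table[fd].opener_exempt);
}

/* Scenario from the post: an unprivileged user already at the quota limit opens
 * a file, then a suid-root program inherits the descriptor and writes to it.
 * Returns true if the write went through, i.e. the quota was bypassed. */
bool inherited_fd_bypasses_quota(bool check_at_open)
{
    struct task user = { "user", 0 };
    struct task suid = { "suid-root", CAP_SYS_RESOURCE_BIT };
    struct quota q = { .used = 1000, .hard_limit = 1000 };  /* constructed: at the limit */

    int fd = model_open(&user);          /* opened by the unprivileged user */
    long rc = check_at_open
        ? write_check_at_open(fd, &suid, &q, 512)
        : write_check_at_write(fd, &suid, &q, 512);
    model_close(fd);
    return rc >= 0;
}

/* Control case: a genuinely privileged opener keeps its exemption under both policies. */
bool privileged_opener_still_exempt(bool check_at_open)
{
    struct task root = { "root", CAP_SYS_RESOURCE_BIT };
    struct quota q = { .used = 1000, .hard_limit = 1000 };

    int fd = model_open(&root);
    long rc = check_at_open
        ? write_check_at_open(fd, &root, &q, 512)
        : write_check_at_write(fd, &root, &q, 512);
    model_close(fd);
    return rc >= 0;
}

int main(void)
{
    printf("check at write: inherited fd bypasses quota = %d\n", inherited_fd_bypasses_quota(false));
    printf("check at open:  inherited fd bypasses quota = %d\n", inherited_fd_bypasses_quota(true));
    printf("privileged opener still exempt (open-time)   = %d\n", privileged_opener_still_exempt(true));
    return 0;
}
```

The model captures why the post wants the check at open time: a descriptor survives execve into a setuid program unless it was opened with O_CLOEXEC or marked FD_CLOEXEC, so any check that looks only at the current task's credentials at write time sees the suid program's capabilities, not those of the user who actually chose the file. Pinning the decision to the opener closes that path while leaving a privileged opener's exemption intact.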