> With the current behaviour an app has to link against libcap and do:
>
> prtctl(PR_SET_KEEPCAPS, 1)
> pre_caps = (capgetp(0, cap_init()) // save our caps into a struct
> setuid(uid)
> setgid(gid)
> capsetp(0,pre_caps) // Restore them
>
> With this patch, the app does:
>
> prtctl(PR_SET_KEEPCAPS, 1)
> setuid(uid)
> setgid(gid)
Are you sure about the current behaviour? Taking vsftpd as an example, it
does
prctl()
setuid()
setgid()
cap_set_proc()
i.e. it only fiddles with capabilities after dropping euid == 0. Of
course, someone is welcome to fiddle with capabilities while euid == 0.
But, euid == 0 is hugely privileged even without any capabilities. So, the
benefit of running with euid == 0 and less than full capabilities is a bit
limited.
Cheers
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/