28 Dec 2003 02:27
Re: LIDS and Capabilities
Brian Hatch <bri <at> ifokr.org>
2003-12-28 01:27:19 GMT
2003-12-28 01:27:19 GMT
> Now I have /bin/bash with 4777 permissions and /home/bash with 4777 > permissions.w when i run /bin/bash -p i get the violations and root shell. > When i run /home/bash -p i get the violations and user shell. bash is a bad example - when run with euid != uid it will drop euid priviliges anyway. If you just want to test how capabilities work, I suggest you copy /usr/bin/id and test on it # mkdir /home/lidstest # cd /home/lidstest # cp /usr/bin/id real.id # cp /usr/bin/id play.id # chmod u+s *.id (make lids rules, etc....) -- Brian Hatch Indecision is the key Systems and to flexibility Security Engineer http://www.ifokr.org/bri/ Every message PGP signed
RSS Feed