[15383] in bugtraq
Re: local root on linux 2.2.15
daemon@ATHENA.MIT.EDU (Robert Watson)
Mon Jun 19 11:09:05 2000
Message-Id: <Pine.NEB.3.96L.1000618130736.6568I-100000@fledge.watson.org>
Date: Sun, 18 Jun 2000 13:13:22 -0400
Reply-To: posix1e@cyrus.watson.org
From: Robert Watson <rwatson@FREEBSD.ORG>
X-To: Firstname Lastname <typo@SCENE.AT>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000615222516.A20333@boehm.org>

On Friday, a capabilities workshop was held at SGI in Mountain View, with
attendees from the Trusted IRIX, Linux, and FreeBSD worlds. Part of our
work was to try and clarify issues in the draft specifications, and agree
on semantics for interaction between uid security models and capability
security models. I would consider the workshop a great success, and would
like to remind people that there is a mailing list for the discussion of
the POSIX.1e spec (and related issues). You can subscribe by sending
email to majordomo@cyrus.watson.org.

I'd also like to remind people that portable APIs do exist for
manipulating capability sets, and that using them results in portability
across platforms :-). Please, wherever possible, use those APIs. I
believe they exist in Linux in libcap. In FreeBSD, they're in libposix1e
as of 5.0-CURRENT (some aspects are still being committed). As they were
actually designed with opaque implementations in mind, they make it easy
to avoid type-based errors in malloc, have well-defined error modes, etc.

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services