Re: capget() overflows buffers.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Chris Wright

Subject: Re: capget() overflows buffers.

Date: Saturday, May 24, 2008 - 1:07 am

* Andrew G. Morgan (morgan@kernel.org) wrote:
quoted text> Your concern is for the situation when the garbage happens to correspond
> to an apparently meaningful setting for the upper capability bits? The
> problem being that this privileged application is more privileged than
> intended? I agree that this is not ideal.

Yep, exactly.

quoted text> In practice, however, this is only a real problem if named (or a
> similarly structured program) has a security related bug in it. No?

It's dropped privileges to help mitigate any security related bug it
may contain.  It's conceivable (albeit remote[1]) that fork/exec plus
inheritable could leak privs w/out a security related bug.

quoted text> Is this your concern, or have I missed something?

That's it.

thanks,
-chris

[1] Get lucky combo in the garbage bits and have not shed uid 0.
Much less likely.
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

capget() overflows buffers., Dave Jones, (Thu May 22, 7:04 am)

Re: capget() overflows buffers., Chris Wright, (Thu May 22, 10:58 am)

Re: capget() overflows buffers., Chris Wright, (Thu May 22, 1:53 pm)

Re: capget() overflows buffers., Bojan Smojver, (Thu May 22, 2:20 pm)

Re: capget() overflows buffers., Andrew G. Morgan, (Thu May 22, 3:52 pm)

Re: capget() overflows buffers., Chris Wright, (Thu May 22, 4:37 pm)

Re: capget() overflows buffers., Bojan Smojver, (Thu May 22, 6:20 pm)

Re: capget() overflows buffers., Chris Wright, (Thu May 22, 7:06 pm)

Re: capget() overflows buffers., Bojan Smojver, (Thu May 22, 9:01 pm)

Re: capget() overflows buffers., Andrew G. Morgan, (Fri May 23, 12:09 am)

Re: capget() overflows buffers., Chris Wright, (Fri May 23, 8:57 am)

Re: capget() overflows buffers., Chris Wright, (Fri May 23, 11:26 am)

Re: capget() overflows buffers., Andrew G. Morgan, (Fri May 23, 5:02 pm)

Re: capget() overflows buffers., Chris Wright, (Fri May 23, 6:09 pm)

Re: capget() overflows buffers., Andrew G. Morgan, (Fri May 23, 9:40 pm)

Re: capget() overflows buffers., Andrew G. Morgan, (Fri May 23, 11:25 pm)

Re: capget() overflows buffers., Chris Wright, (Sat May 24, 1:07 am)

Re: capget() overflows buffers., Chris Wright, (Sat May 24, 1:17 am)

[PATCH] security: was "Re: capget() overflows buffers.", Andrew G. Morgan, (Mon May 26, 6:17 pm)

Re: [PATCH] security: was "Re: capget() overflows buffers.", Chris Wright, (Tue May 27, 2:42 pm)

Re: [PATCH] security: was "Re: capget() overflows buffers.", Andrew Morton, (Tue May 27, 8:33 pm)


linux-kernel:
Mel Gorman	Re: [PATCH 1/4] vmstat: remove zone->lock from walk_zones_in_node
Guenter Roeck	Re: [lm-sensors] Location for thermal drivers
David Woodhouse	Re: RFC: Moving firmware blobs out of the kernel.
Siddha, Suresh B	Re: [PATCH 2.6.21 review I] [11/25] x86: default to physical mode on hotplug CPU k...
Peter Zijlstra	Re: [patch 4/6] mm: merge populate and nopage into fault (fixes nonlinear)
git-commits-head:
Linux Kernel Mailing List	[MIPS] Fix potential latency problem due to non-atomic cpu_wait.
Linux Kernel Mailing List	USB: rename USB_SPEED_VARIABLE to USB_SPEED_WIRELESS
Linux Kernel Mailing List	lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param)
Linux Kernel Mailing List	[Bluetooth] Initiate authentication during connection establishment
Linux Kernel Mailing List	[POWERPC] 4xx: Add ppc40x_defconfig
linux-netdev:
MERCEDES	Your mail id has won 950,000.00 in the MERCEDES Benz Online Promo.for claims send:
David Miller	Re: [PATCH] xen/netfront: do not mark packets of length < MSS as GSO
David Miller	Re: skb_segment() questions
Shan Wei	[RFC PATCH net-next 2/5]IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeou...
Stanislaw Gruszka	[PATCH 1/4] bnx2x: use smp_mb() to keep ordering of read write operations
git:
Nicolas Sebrecht	git-svn died of signal 11 (was "3 failures on test t9100 (svn)")
Junio C Hamano	Re: [PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
Martin Langhoff	Re: [PATCH] GIT commit statistics.
Alexandre Julliard	[PATCH] gitweb: Put back shortlog instead of graphiclog in the project list.
Josh Triplett	[PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
openbsd-misc:
Taisto Qvist XX	Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics wi...
Nico Meijer	Re: gOS Develop Kit with VIA pc-1 Processor Platform VIA C7-D
Andreas Bihlmaier	Re: jetway board sensors (Fintek F71805F)
admin	Drive a 2009 car from R799p/m
Antti Harri	Re: how to create a sha256 hash