root and capabilities list

ds 1000hz.radiowave at gmail.com
Tue Oct 14 18:44:26 UTC 2014


On 14.10.2014 22:37, Martin Pitt wrote:
> Ah, how does that work? I'm not aware of an ELF/kernel feature which 
> allows doing that, this sounds interesting? 
https://www.insecure.ws/2013/12/17/lesser-known-tool-of-the-day-getcap-setcap-and-file-capabilities/
> Note that at least CAP_SYS_MODULE is equivalent to root (as you can 
> load any local .ko which can then provide you with a backdoor into the 
> kernel),
I guess you have to put the .ko file at a protected place of filesystem 
for it to get loaded. And maybe it would even require recompiling kernel 
with your .ko in mind. I am not sure how it works. I only use ubuntu for 
a month now.

> If open and read on them is additionally protected by CAP_SYS_RAWIO, 
> then world-readability should not hurt indeed (note that I haven't 
> verified this). Martin 
Trust me. Tried already.




More information about the Ubuntu-devel-discuss mailing list