Some of the escalations listed relate to root owning most system binaries, so the lack of DAC_OVERRIDE is irrelevant to an EUID 0 process being able to modify most of them.
Is there any particular reason that all system binaries, except SUID ones, couldn't be changed to be owned by another user which processes never run as ("bin" perhaps)? Since root normally has DAC_OVERRIDE, this shouldn't have a ton of administrative impact, but it would reduce that family of loopholes a little bit.
Spengler: False Boundaries and Arbitrary Code Execution
Posted Mar 3, 2011 7:30 UTC (Thu) by roblucid (subscriber, #48964)
I don't like the sound of that idea. What programs can root safely run?
IMO root risks privilege escalation via a trojan any time it executes non-root-owned code.
In the past under UNIX, many binaries were owned by 'bin', but this just meant gaining user 'bin' was another way to root the box.