User: Password:
Subscribe / Log in / New account

Umbrella 0.7

Umbrella 0.7

Posted May 5, 2005 9:12 UTC (Thu) by rjw (guest, #10415)
In reply to: Umbrella 0.7 by tzafrir
Parent article: Umbrella 0.7

Remember that processes inherit the restrictions of their parent process.
So if you can "execute some arbitrary code", you can already do everything that you could do by spawning a shell. The danger is when there is a privilege *granting* mechanism : suid, filesystem caps, and some selinux policies. That isn't present AFAIK.

This is only about restrictions. What is very interesting is the signed binary thing: even if you mount the filesystem on another machine and bypass filesystem security, you won;t be able to replace a choice binary with an updated or modified version.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds