Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fosstodon.org/users/alanc/statuses/112366879454997530">Alan Coopersmith (alanc@fosstodon.org)'s status on Thursday, 02-May-2024 02:45:23 JST</a><a href="https://fosstodon.org/@alanc" title="alanc@fosstodon.org"><img src="https://gnusocial.jp/avatar/149449-48-20230714154441.webp" width="48" height="48" alt="Alan Coopersmith" style="position: absolute; left: 0; top: 0;">Alan Coopersmith</a></section><article><p>When Casper was designing the rough equivalent in <a href="https://fosstodon.org/tags/Solaris" rel="tag">#Solaris</a>, the least privilege system, he tried to prevent this.  For instance, PRIV_FILE_DAC_WRITE won’t let you write to a file owned by UID 0 unless your euid is 0 or you already have all privileges (equivalent to root access).<br><a href="https://mastodon.social/@vegard/112365131001894332" rel="nofollow noreferrer">https://mastodon.social/@vegard/112365131001894332</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3024292#notice-6002416">In conversation</a><time datetime="2024-05-02T02:45:23+09:00" title="Thursday, 02-May-2024 02:45:23 JST">about 10 months ago</time> <span>from <span><a href="https://fosstodon.org/@alanc/112366879454997530" rel="external" title="Sent from fosstodon.org via ActivityPub">fosstodon.org</a></span></span><a href="https://fosstodon.org/@alanc/112366879454997530">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://mastodon.social/@vegard/112365131001894332">Vegard Nossum (@vegard@mastodon.social)</a></h5><div> from <span>Vegard Nossum</span></div></header><div>Good comment describing how various CAP_* are de facto equivalent to root: https://lwn.net/Articles/971891/This is not news, of course, but it's interesting to see it spelled out. Are there other pages/lists like this? Maybe even a cap-to-root script/program..?#LinuxKernel #LinuxSecurity #infosec</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Alan Coopersmith (alanc@fosstodon.org)'s status on Thursday, 02-May-2024 02:45:23 JST Alan Coopersmith
When Casper was designing the rough equivalent in #Solaris, the least privilege system, he tried to prevent this. For instance, PRIV_FILE_DAC_WRITE won’t let you write to a file owned by UID 0 unless your euid is 0 or you already have all privileges (equivalent to root access).
https://mastodon.social/@vegard/112365131001894332
In conversationabout 10 months ago from fosstodon.orgpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Vegard Nossum (@vegard@mastodon.social)
  from Vegard Nossum
  Good comment describing how various CAP_* are de facto equivalent to root: https://lwn.net/Articles/971891/ This is not news, of course, but it's interesting to see it spelled out. Are there other pages/lists like this? Maybe even a cap-to-root script/program..? #LinuxKernel #LinuxSecurity #infosec

Public

Embed Notice

HTML Code

Corresponding Notice