Florian Weimer wrote:
> * Alessandro Selli:
>> Florian Weimer wrote:
>>> * Alessandro Selli:
>>>> CAP_DAC_OVERRIDE is root-equivalent only as far as the DAC is
>>>> concerned.
>>> This is incorrect.
>> Is capabilities(7) man page incorrect?
>> What else does this capability allow a process to do?
> As I tried to explain, escalation to full root is possible on most
> real-world systems, so this capability is not very restrictive in
> practice.

Using capabilities one must trick the process into escalation of full
root privileges. Using the SUID root bit the process does not have to
do any escalation, as it already has full root privileges.
Regards,
--
Alessandro Selli http://alessandro.route-add.net
VOIP SIP: dhatarat...@ekiga.net
Chiave firma PGP/GPG signing key: B7FD89FD