Re: Preparing Debian for using capabilities: file ownership.

To: Seth Arnold <sarnold@willamette.edu>
Cc: Nicol?s Lichtmaier <nick@debian.org>, debian-policy@lists.debian.org
Subject: Re: Preparing Debian for using capabilities: file ownership.
From: Joey Hess <joeyh@debian.org>
Date: Tue, 26 Sep 2000 15:08:55 -0700
Message-id: <[🔎] 20000926150855.B3798@kitenet.net>
Mail-followup-to: Joey Hess <joeyh@debian.org>, Seth Arnold <sarnold@willamette.edu>, Nicol?s Lichtmaier <nick@debian.org>, debian-policy@lists.debian.org
In-reply-to: <[🔎] 20000926150309.C24366@willamette.edu>; from sarnold@willamette.edu on Tue, Sep 26, 2000 at 03:03:09PM -0700
References: <[🔎] 20000920222406.B426@debian.org> <[🔎] 8qgqc9$sd7$1@enterprise.cistron.net> <[🔎] 20000923010717.A701@debian.org> <[🔎] 969695071.2762c631@debian.org> <[🔎] 20000923161918.A3309@debian.org> <[🔎] 20000926144955.A3801@kitenet.net> <[🔎] 20000926150309.C24366@willamette.edu>

Seth Arnold wrote:
> > This is not an issue if
> > 
> > a) bin has no passowrd so people cannot log in as bin
> > and
> > b) nothing on the system is suid bin
> 
> Joey, if bin owns ls, then someone that cracks the bin account (via some
> non-interactive means) could replace ls with a version of ls that opens
> a port connected to a shell.

It's impossible to crack an account that nothing ever runs as, unless you
crack root first.

-- 
see shy jo

Reply to:

References:
- Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: miquels@cistron.nl (Miquel van Smoorenburg)
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Raul Miller <moth@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Nicolás Lichtmaier <nick@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Joey Hess <joeyh@debian.org>
- Re: Preparing Debian for using capabilities: file ownership.
  - From: Seth Arnold <sarnold@willamette.edu>

Prev by Date: Re: Preparing Debian for using capabilities: file ownership.
Next by Date: Re: Preparing Debian for using capabilities: file ownership.
Previous by thread: Re: Preparing Debian for using capabilities: file ownership.
Next by thread: Re: Preparing Debian for using capabilities: file ownership.
Index(es):
- Date
- Thread