Re: Preparing Debian for using capabilities: file ownership.
Seth Arnold wrote:
> > This is not an issue if
> >
> > a) bin has no passowrd so people cannot log in as bin
> > and
> > b) nothing on the system is suid bin
>
> Joey, if bin owns ls, then someone that cracks the bin account (via some
> non-interactive means) could replace ls with a version of ls that opens
> a port connected to a shell.
It's impossible to crack an account that nothing ever runs as, unless you
crack root first.
--
see shy jo
Reply to: