[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Checksums on ftp

On Thu, Apr 27, 2000 at 06:13:31PM -0800, Ethan Benson wrote:
> On Fri, Apr 28, 2000 at 02:03:07AM +0000, Jim Breton wrote:
> > On Thu, Apr 27, 2000 at 05:35:42PM -0800, Ethan Benson wrote:
> > > why zap an immutable log file?  it won't contain any new entries since
> > > syslogd cannot write to it either :P  you probably mean the append
> > > only bit.  which is indeed useful on logs but breaks log rotation
> > > which is rather annoying.
> > 
> > Yup I did mean append-only.  You could always mix a chattr -a, chattr +a
> > into your log rotation scripts to work around that.
> well yes, but only if root is permitted to remove the append only bit,
> in which case the added security is really minimal (ie only protects
> against clueless script kiddies who only know how to edit a log by
> running ./3l337L0ghaX ...

./3l337L0ghaX scripts will include append support as soon as using
append bit will spread

> > But from what I've seen so far, I do believe you would be able to
> > somehow add capabilities to a running process (as well as remove them).
> yes that is indeed possible, though what im more interested in is
> being able to set capabilities on a binary in the filesystem instead
> of making it SUID root.  so instead of suid root /bin/ping you would
> have a non suid /bin/ping with the CAP_RAW_SOCKET (or whatever its
> called) capabilty set.  but this requires filesystem support that we
> don't have yet.  the alternative is still having suid root ping but
> have it throw away all capabilities other then RAW_SOCKET and
> presumably change uids, throwing away root privileges, better perhaps
> but not as good IMO as never having elevated privileges in the first place.

why not have :
/dev/rawsocket 660 root.ping
/bin/ping setgid ping

Reply to: