This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
- From: "bugeaud at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 28 Jul 2010 14:07:24 -0000
- Subject: [Bug libc/11643] ldopen failing with relative path ($ORIGIN) when a capability is set
- References: <20100528162846.11643.bugeaud@gmail.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From bugeaud at gmail dot com 2010-07-28 14:07 -------
Hello Petr,
Thanks for this explanation, this helps to solve the puzzle.
To me this is an obvious Bug : I can not use POSIX capabilities and the only
workaround is to give SUID !
My understanding of Capabilities was that this is something "less harmfull" than
SUID. Because, if you are SUID you don't need them, you own all the caps ! My
understanding was also that they are implemented in a secured way. Which means
that if I have given somebody a right, he can not goes any further and get
nother one "for free" and thus gaining a complete SU status. Am I correct ?
In a way, we could rephrase your points by asking :
Is POSIX capabilities secured ?
Should we use POSIX capabilities as a way of securing Linux based system and
removing as much as SU/Sticky bits headaches ?
I will try to question the ML, but keep the possibility of reopening this if
nobody clarify this security situation.
I understand that this is not a simple issue, but I would not have bugged people
with something that RFM would solve.
Cheers,
JB
--
http://sourceware.org/bugzilla/show_bug.cgi?id=11643
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.