On 10/01/2013 01:27 PM, Matthew Miller wrote:
On Fri, Sep 27, 2013 at 07:33:28PM +0000, "Jóhann B.
Guðmundsson" wrote:
> I dont have any security degrees nor do I consider myself an evil
> man and probably Steve and Dan would be better suited to answer this
> question since I'm far from being any expert on the subject but
> hypothetically would not someone being able to do something like
> this in this educational sample I'm providing
So, to cut out the code, what you're saying is that someone could use this
to create a binary which executes as effective root. This is true, but a)
one is actually running as root inside the container anyway and b) one can
just use full setuid. Additionally, this wouldn't let someone _not_ root in
the container set filesystem capabilities.
Actually the code I posted creates backdoor to give an user who runs it
the ability to gain root privileges via setcap ( setcap cap_setuid=ep
.b ).
I intentionally left out the part how you gain superuser, big
capabilities, etc to insert it in the first place ( let's not give nsa
any more bright ideas )
JBG