On Tue, 2010-12-21 at 11:47 -0500, Colin Walters wrote:
"But they still have uid 0, and a typical system installation allows root to do things. For example, /bin/sh is 0755 and /bin is also 0755 perms. A disarmed root process can still trojan a system. But what if we got rid of all the read/write permissions for root?"
Eh? A process given capabilities via file capabilities does not need to run with uid 0. It can run as the calling user (no setuid bit), which is what RemoveSETUID is about.
For things started as root, a capabilities-aware system service started as root can drop to a non-root user while keeping the capabilities it needs. But this does not use file capabilities. And practically nothing accessed by users should be running as root.
Regards Henrik
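Henrik's second case above, a service started as root that drops to a non-root user while keeping only the capability it needs, as an added example (not code from this thread). It assumes Linux, uses the raw capget/capset syscalls rather than libcap, and uses uid/gid 65534 (the conventional nobody account) as a placeholder for the service's own account.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* capset() takes two 32-bit words per set: cap n lives in word n/32, bit n%32.
 * Sets permitted and effective to the single cap; returns -1 if out of range. */
int single_cap(int cap, struct __user_cap_data_struct data[2])
{
    data[0].effective = data[0].permitted = data[0].inheritable = 0;
    data[1].effective = data[1].permitted = data[1].inheritable = 0;
    if (cap < 0 || cap > 63) return -1;
    data[cap / 32].permitted = data[cap / 32].effective = 1U << (cap % 32);
    return 0;
}

/* Read the calling thread's effective set: 1 if cap is set, 0 if clear, -1 on error. */
int effective_has(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (cap < 0 || cap > 63 || syscall(SYS_capget, &hdr, data) < 0) return -1;
    return (int)((data[cap / 32].effective >> (cap % 32)) & 1U);
}

/* Drop from root to uid/gid, keeping only cap in the permitted and effective
 * sets (raw syscalls, no libcap). Returns 0 on success, -1 on failure. */
int drop_root_keeping_cap(uid_t uid, gid_t gid, int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (single_cap(cap, data) < 0) return -1;
    /* Without PR_SET_KEEPCAPS, setuid() away from 0 also clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) return -1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -1;
    /* Permitted survived setuid() but effective was cleared: shrink permitted to one bit and re-raise it. */
    if (syscall(SYS_capset, &hdr, data) < 0) return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

int main(void)
{
    if (geteuid() != 0) { fprintf(stderr, "start as root to see the drop\n"); return 1; }
    /* 65534 is the conventional nobody uid/gid (placeholder); a real service uses its own account. */
    if (drop_root_keeping_cap(65534, 65534, CAP_NET_BIND_SERVICE) < 0) { perror("drop"); return 1; }
    printf("uid=%d net_bind_service=%d sys_admin=%d\n", (int)getuid(), effective_has(CAP_NET_BIND_SERVICE), effective_has(CAP_SYS_ADMIN));
    return 0;
}
```

Run as root it prints a non-zero uid with net_bind_service=1 and sys_admin=0; the bounding set is left alone here, so a service that later execs should also shrink that.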