[cap-talk] Yikes
6 views
Skip to first unread message
Matt Rice
Jan 30, 2016, 2:46:22 PM1/30/16
to General discussions concerning capability systems.
Coarse (filesystem mounted read-only vs read-write) permissions
ambient authority
writing to the bios/storage that doesn't appear able to be checkpointed
what could go wrong?
https://github.com/systemd/systemd/issues/2402
all so that an enumerable number of programs that install bootloaders
can write to them...
the 'storage that cannot apparently be checkpointed' aspect, makes
this a particularly dangerous capability even on cap systems which can
grant access to the enumerable programs.
_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
ambient authority
writing to the bios/storage that doesn't appear able to be checkpointed
what could go wrong?
https://github.com/systemd/systemd/issues/2402
all so that an enumerable number of programs that install bootloaders
can write to them...
the 'storage that cannot apparently be checkpointed' aspect, makes
this a particularly dangerous capability even on cap systems which can
grant access to the enumerable programs.
_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
Reply all
Reply to author
Forward
0 new messages