On 04/15/2015 05:42 PM, Andy Lutomirski wrote:
> On Apr 15, 2015 5:00 AM, "Greg Kroah-Hartman"
> I looked. AFAICT polkit doesn't use caps. Systemd does (look for
> VTABLE_CAP and the associated code) for reasons that escape me. I
> have yet to find a single cap-guarded method in the systemd cod
[resending because gmail.]
tl;dr AFAICS systemd is the only thing using caps like this.
systemd's code for that appears to be exploitably buggy, but that bug
is mitigated by the fact that I haven't found any evidence that the
cap check does anything, so there's nothing to exploit. But it sure
see
2 matches
Mail list logo
