Re: Password access to re-add capabilities to running kernel

From: Chris Evans (chris@ferret.lmh.ox.ac.uk)
Date: Tue May 02 2000 - 06:01:50 EST


On Mon, 1 May 2000 lamont@icopyright.com wrote:

> The problem is that I'd like to be able to use capabilities to secure
> a system, however, I don't want to necessitate a lot of trips out to a
> remote site every time we make a mistake and need to change a file that
> we've made immutable. The solution, it seems, is to compromise security
> of the capabilities somewhat by adding a password to the system which
> allows the sysadmin to remove any/all of the capabilities restrictions.
> This is similar to what LIDS does, however, I'd rather have a patch which
> only does this rather than a patch which also includes portscan detectors
> in the kernel, etc.

There's already a "recognised" way to go about this, and that's via pid 1,
init.

init has the power to lower system securelevel (or in modern kernels,
change the capability bounding set). It also has the power to dish out
capabilities to arbitrary other processes.

All that is needed is a modification to init to accept a password via its
UNIX domain socket, and do some appropriate capability jiggling.

If you do modify init, though, be careful to try and keep it secure. For
example, a buffer overflow in the password parsing/verification routine
would be incredibly bad news. Also, the default configuration should be
kept "no backdoor password".

Cheers
Chris
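The caveat above about the password parsing/verification routine is the part of this that can be shown in code. What follows is an added example, not code from the thread, from sysvinit or from LIDS: a length-checked, constant-time check of an "unlock <password>" request as it might arrive on init's UNIX domain socket, beside the unchecked-copy pattern that would hand anyone who can write to that socket a stack overflow in pid 1. The request format, the function names, MAX_PW and the sample password are all assumptions made for the illustration. The "no backdoor password" default is modelled as an empty configured password that refuses every request. The capability changes that would follow a successful check are left out, because the interfaces named in the message (securelevel, the 2.2-era bounding set) are not the per-process bounding set of current kernels.

```c
/* Added example: password check for a hypothetical "unlock" request to init.
 * Not from the thread, sysvinit or LIDS. Request format, names and limits
 * are assumptions. Compile: cc -std=c99 -Wall unlock.c */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PW 64   /* assumed maximum password length */

/* Configured unlock password. Empty means the feature is off, which is the
 * default Chris asks for: no password configured, no backdoor. */
static char configured_pw[MAX_PW + 1] = "";

/* Install a password from the (trusted) configuration. Over-long values are
 * rejected, never truncated, so the admin cannot end up with a shorter
 * password than they think they set. Returns 0 on success, -1 if too long. */
int set_unlock_password(const char *pw)
{
    size_t n = strlen(pw);
    if (n > MAX_PW)
        return -1;
    memcpy(configured_pw, pw, n);
    configured_pw[n] = '\0';
    return 0;
}

int unlock_enabled(void)
{
    return configured_pw[0] != '\0';
}

/* Compare two byte strings without early exit: always walks MAX_PW slots so
 * the time taken does not reveal how many leading bytes matched. */
static int ct_equal(const unsigned char *a, size_t alen,
                    const unsigned char *b, size_t blen)
{
    unsigned char acc = (alen != blen) ? 1 : 0;
    size_t i;
    for (i = 0; i < MAX_PW; i++) {
        unsigned char x = (i < alen) ? a[i] : 0;
        unsigned char y = (i < blen) ? b[i] : 0;
        acc |= (unsigned char)(x ^ y);
    }
    return acc == 0;
}

/* Handle one request of explicit length, as read(2) on the socket returns it.
 * Returns 1 if the password matches, 0 if refused, -1 if the request is
 * malformed. Nothing is copied into a fixed buffer; the request is parsed
 * in place against its known length. */
int handle_unlock_request(const char *req, size_t reqlen)
{
    static const char prefix[] = "unlock ";
    const size_t plen = sizeof(prefix) - 1;
    const char *pw;
    size_t pwlen;

    if (!unlock_enabled())
        return 0;                           /* feature off: refuse everything */
    if (reqlen < plen || memcmp(req, prefix, plen) != 0)
        return -1;
    pw = req + plen;
    pwlen = reqlen - plen;
    if (pwlen > 0 && pw[pwlen - 1] == '\n')
        pwlen--;                            /* tolerate one trailing newline */
    if (pwlen == 0 || pwlen > MAX_PW)
        return -1;                          /* oversized: reject, do not truncate */
    if (memchr(pw, '\0', pwlen) != NULL)
        return -1;                          /* embedded NUL: not a valid password */
    return ct_equal((const unsigned char *)pw, pwlen,
                    (const unsigned char *)configured_pw, strlen(configured_pw));
}

/* The pattern to avoid, shown for contrast only: fixed stack buffer plus an
 * unbounded copy. A request longer than MAX_PW bytes overwrites the stack of
 * pid 1, which is exactly the "incredibly bad news" case. Never feed this
 * untrusted input. */
int naive_handle_unlock(const char *req)
{
    char buf[MAX_PW];
    if (strncmp(req, "unlock ", 7) != 0)
        return -1;
    strcpy(buf, req + 7);                   /* no length check: overflow here */
    buf[strcspn(buf, "\n")] = '\0';
    return strcmp(buf, configured_pw) == 0;
}

int main(void)
{
    const char req[] = "unlock hunter2\n";  /* constructed sample request */
    printf("no password configured: %d\n", handle_unlock_request(req, sizeof req - 1));
    set_unlock_password("hunter2");         /* assumed admin-configured value */
    printf("correct password: %d\n", handle_unlock_request(req, sizeof req - 1));
    printf("wrong password: %d\n", handle_unlock_request("unlock hunter3\n", 15));
    return 0;
}
```

The length check rejects rather than clips, so an over-long request can never turn into a "prefix match" against a shorter stored value, and the empty-password default means a stock build answers every unlock request with a refusal. Who may connect to init's socket at all remains a separate control (the socket's ownership and mode), and the password only makes sense as a second gate behind it.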

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:10 EST