Re: posix capabilities inheritance

From: Ernie Petrides
Date: Thu Oct 23 2003 - 20:39:49 EST

Next message: Jon Smirl: "Re: [Dri-devel] Re: [Linux-fbdev-devel] DRM and pci_driver conversion"
Previous message: Albert Cahalan: "Re: [RFC] must fix lists"
In reply to: Theodore Ts'o: "Re: posix capabilities inheritance"
Next in thread: Bernd Eckenfels: "Re: posix capabilities inheritance"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday, 23-Oct-2003 at 17:5 CDT, "Michael Glasgow" wrote:

> The code to drop privs is not hard, but it's also not trivial.

Here's an example code sequence that demonstrates how a setuid-to-root
application could drop all capabilities except for CAP_IPC_LOCK and
then run with the non-privileged uid:

#include <sys/prctl.h>
#include <sys/capability.h>

...

cap_t c;

if (prctl(PR_SET_KEEPCAPS, 1UL, 0UL, 0UL, 0UL) < 0 ||
seteuid(getuid()) < 0 ||
!(c = cap_from_text("cap_ipc_lock=eip")) ||
cap_set_proc(c) < 0)
/* handle error */;

However, I agree that it's often not viable to require application
changes to achieve the desired result.

Cheers. -ernie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jon Smirl: "Re: [Dri-devel] Re: [Linux-fbdev-devel] DRM and pci_driver conversion"
Previous message: Albert Cahalan: "Re: [RFC] must fix lists"
In reply to: Theodore Ts'o: "Re: posix capabilities inheritance"
Next in thread: Bernd Eckenfels: "Re: posix capabilities inheritance"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]