Re: linux capabilities ?

From: Chris Wright
Date: Thu Jan 20 2005 - 19:28:48 EST


* jnf (jnf@xxxxxxxxxxxxxxxxx) wrote:
> I will read the paper before commenting on it further, however I cannot
> see what dangers it would really provide that a setuid program doesnt
> already have- other than the ability to give another non-root process root
> like abilities. However, the more I ponder it, it seems as if you could

It was a dangerous failure mode when a capability isn't present that hit
sendmail.

> accomplish a lot of things with a set of ACL's and Capabilities (think
> compartmentalizing everything from each other where no one thing has full
> control of anything other than its particular subsystem).

Yes, that's the ideal. Unfortunately it doesn't work out quite so
neatly ;-/

> > Since /proc/kmsg is 0400 you need CAP_DAC_READ_SEARCH (don't necessarily
> > need full override). Otherwise, you are right, you do need CAP_SYS_ADMIN.
> > Or just use syslog(2) directly, and you'll avoid the DAC requirement.
>
> Hrm, even a chmod of it didn't appear to really affect things?

Should, and it makes a difference for me.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/