Re: capabilities patch (v 0.1)

From: Chris Wright
Date: Tue Aug 09 2005 - 17:25:14 EST


* Bodo Eggert (7eggert@xxxxxx) wrote:
> 1) I wouldn't want an exploited service to gain any privileges, even by
> chaining userspace exploits (e.g. exec sendmail < exploitstring). For
> most services, I'd like CAP_EXEC being unset (but it doesn't exist).

Don't let it exec things it shouldn't. This can be done with namespaces
or, for finer-grained control, that is what something like SELinux is made for.

> 2) There are environments (linux-vserver.org) which limit root to a subset
> of capabilities. I think they might use that feature, too. Of course a
> simple "suid bit" == "all capabilities" scheme won't work there.

IIRC, they effectively use the bounded set as per-context. So it'd not
make any difference there.

thanks,
-chris
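An added example, not part of this 2005 thread or of any patch discussed in it, showing what a service can do today about point 1 above (an exploited process chaining into an exec of a setuid or file-capability binary to regain privilege). Two later kernel mechanisms cover the "CAP_EXEC" that did not exist then: PR_CAPBSET_DROP, which became per-process in Linux 2.6.25 and permanently removes a capability from what any later execve() can grant, and PR_SET_NO_NEW_PRIVS (Linux 3.5), which makes execve() ignore setuid bits and file capabilities entirely. The code assumes Linux with glibc's sys/prctl.h; the numeric fallbacks for the PR_* and CAP_* constants are the kernel's values and are only used when the headers are too old to define them. Dropping from the bounding set needs CAP_SETPCAP, so the unprivileged case is handled and reported rather than treated as an error.

```c
/* Added example (not from the original thread): lock a service down so that
 * an exec() it is tricked into cannot hand it more privilege than it has.
 * Assumes Linux; the fallback constants below are the kernel's own values. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <linux/capability.h>
#include <unistd.h>

#ifndef PR_CAPBSET_READ
#define PR_CAPBSET_READ 23
#define PR_CAPBSET_DROP 24
#endif
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#define PR_GET_NO_NEW_PRIVS 39
#endif
#ifndef CAP_SETPCAP
#define CAP_SETPCAP 8
#define CAP_NET_BIND_SERVICE 10
#define CAP_SYS_ADMIN 21
#endif

/* Returns 1 if cap is in the bounding set, 0 if not, -1 (EINVAL) if the
 * running kernel does not know that capability number. */
int in_bounding_set(int cap)
{
    return prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
}

/* Step 1: remove every capability from the bounding set except keep[].
 * A capability outside the bounding set can never re-enter the permitted
 * set through execve(), whatever file capabilities the target carries.
 * Returns the number dropped, -1 if we lack CAP_SETPCAP (bounding set left
 * unchanged), -2 on any other failure. */
int restrict_bounding_set(const int *keep, size_t nkeep)
{
    int dropped = 0;
    for (int cap = 0; cap < 64; cap++) {          /* probe every possible number */
        int wanted = 0;
        for (size_t i = 0; i < nkeep; i++)
            if (keep[i] == cap) wanted = 1;
        if (wanted || in_bounding_set(cap) != 1)
            continue;   /* kept on purpose, already absent, or not a valid cap here */
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0)
            return errno == EPERM ? -1 : -2;
        dropped++;
    }
    return dropped;
}

/* Step 2: no_new_privs. Needs no privilege, is inherited across fork and
 * exec, and cannot be cleared: from now on execve() runs setuid/setgid and
 * file-capability binaries with the caller's own uid and capabilities.
 * Returns 1 when the flag is confirmed set, -1 on failure. */
int lock_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* What a service calls once at startup, before it touches untrusted input.
 * Returns the bounding-set result (>= 0 dropped, -1 unprivileged) once
 * no_new_privs is set, or -3 if no_new_privs could not be set. */
int lock_down_for_exec(const int *keep, size_t nkeep)
{
    int bset = restrict_bounding_set(keep, nkeep);   /* needs CAP_SETPCAP */
    if (lock_no_new_privs() != 1)                    /* never needs privilege */
        return -3;
    return bset;
}

int main(void)
{
    const int keep[] = { CAP_NET_BIND_SERVICE };      /* e.g. a daemon on port 25 */
    int r = lock_down_for_exec(keep, 1);
    if (r == -1)
        puts("no CAP_SETPCAP: bounding set unchanged, but no_new_privs is set");
    else if (r >= 0)
        printf("dropped %d capabilities from the bounding set; no_new_privs set\n", r);
    else {
        puts("lockdown failed");
        return 1;
    }
    printf("CAP_SYS_ADMIN in bounding set: %d, CAP_NET_BIND_SERVICE: %d\n",
           in_bounding_set(CAP_SYS_ADMIN), in_bounding_set(CAP_NET_BIND_SERVICE));
    /* An "exec sendmail < exploitstring" from here runs sendmail as us. */
    return 0;
}
```

The bounding-set drop is the closer match to the per-context limit described for vserver in point 2: it is a ceiling that applies to every exec down the process tree, while no_new_privs is the cheap, unprivileged way to get the "exec cannot gain anything" property on its own. Both are one-way; check the return values at startup rather than assuming either took effect.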
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/