| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Apr 2008 15:09:11 +0100 From: David <david@...olicited.net> To: Mike Galbraith <efault@....de>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: 2.6.25 Kernel - Problems with capabilities Mike Galbraith wrote: > On Sat, 2008-04-19 at 19:43 +0100, David wrote: > >> I'm wondering if anyone might be able to help with a capability problem >> I've noticed with .25 My ntp daemon will no longer run as any non-root >> user, and after some investigation it seems that calls to prctl() are >> failing. >> >> CONFIG_SECURITY_CAPABILITIES=y , so this should work? >> >> System is 32 bit x86 based on a venerable SuSE 9.1 distro. >> >> Full .config is attached. >> >> Thanks >> David >> >> >> > > FWIW, ntpd runs just fine here as user ntp on both my P4 and Q6600 boxen > with opensuse 10.3. > > marge:..tmp/linux-2.6.25 # grep SECUR .config > CONFIG_EXT2_FS_SECURITY=y > CONFIG_EXT3_FS_SECURITY=y > CONFIG_EXT4DEV_FS_SECURITY=y > CONFIG_SECURITY=y > CONFIG_SECURITY_NETWORK=y > CONFIG_SECURITY_NETWORK_XFRM=y > CONFIG_SECURITY_CAPABILITIES=y > CONFIG_SECURITY_FILE_CAPABILITIES=y > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 > # CONFIG_SECURITY_SELINUX is not set > marge:..tmp/linux-2.6.25 # grep SECUR /xx > CONFIG_EXT2_FS_SECURITY=y > CONFIG_EXT3_FS_SECURITY=y > CONFIG_REISERFS_FS_SECURITY=y > # CONFIG_XFS_SECURITY is not set > CONFIG_SECURITY=y > CONFIG_SECURITY_NETWORK=y > # CONFIG_SECURITY_NETWORK_XFRM is not set > CONFIG_SECURITY_CAPABILITIES=y > # CONFIG_SECURITY_FILE_CAPABILITIES is not set > # CONFIG_SECURITY_ROOTPLUG is not set > CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 > > I notice I have CONFIG_SECURITY_FILE_CAPABILITIES set, and you don't. I > have not even the foggiest clue whether that has anything to do with the > price of tea in china though :) > I've just set CONFIG_SECURITY_FILE_CAPABILITIES=y CONFIG_SECURITY_NETWORK_XFRM=y to no avail.. I still get 20 Apr 15:04:20 ntpd[15694]: cap_set_proc() failed to drop root privileges: Invalid argument after rebuild & reboot. No massive deal, I'll just run ntpd as root for now, but there's definitely something funny going on. Cheers David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists