| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Nov 2011 15:59:47 +0000 From: "Serge E. Hallyn" <serge@...lyn.com> To: Gábor Lénárt <lgb@....hu> Cc: linux-kernel@...r.kernel.org Subject: Re: capabilities question(s) Quoting Gábor Lénárt (lgb@....hu): > Hi All, > > I have the problem that I can't find too much informations about > capabilities implemented by the Linux kernel, and its usage. > I even don't have header file sys/capability.h suggested by man > page of capget (on ubuntu, if it does count). However it's not the major > problem, as I've found example to use syscall() from sys/syscall.h and > stuffs in linux/capability.h. Well, ignore it, I've just found out > that I need libcap-dev to install. However the problem remains: > > What I want to do: I need user to be able to do chroot() once, then I want > to drop that capability (to be safe?). My program (a server) runs as root, > but after initialization it changes uid/gid (in a forked process). However > I want to keep chroot capability even after the uid/gid change so I can do a > chroot() even as non-root. It it possible at all? I need this so I feel What you want is prctl(PR_SET_KEEPCAPS, 1); That will let you keep the capabilities across the uid change. Note that this will get reset, and your privilege dropped, after a subsequent execve(). If that doesn't work for you, then you may want to look into running that task with different securebits settings (using prctl(PR_SET_SECUREBITS, XYZ)). See 'man 7 capabilities' for more information on that. HTH, -serge > more secure not to run things as root, since I need to do many things before > I can call chroot(). So I guessed, it's more secure to use non-root user > to do these, before I can do chroot(). > > As far as I can see, I can set capability as root, but after uid/gid change, > I lost that capability, and - of course - I cannot set it as a user then. > > Or should I use root user anyway, just drop all of the capabilities I don't > need just keep uid/gid change and chroot? Anyway, then I have the problem > that I am still root for the filesystem permission checks, and it's > something I don't want to do, because the things my server do before chroot > is not so secure ... > > Any ideas are welcome. > > Best regards, > > Gábor > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists