lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061129204013.GA7228@sgi.com>
Date:	Wed, 29 Nov 2006 14:40:13 -0600
From:	"Bill O'Donnell" <billodo@....com>
To:	Chris Friedhoff <chris@...edhoff.org>
Cc:	"Serge E. Hallyn" <serue@...ibm.com>,
	Andrew Morton <akpm@...l.org>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	Stephen Smalley <sds@...ho.nsa.gov>,
	James Morris <jmorris@...ei.org>,
	Chris Wright <chrisw@...s-sol.org>,
	KaiGai Kohei <kaigai@...gai.gr.jp>,
	Alexey Dobriyan <adobriyan@...il.com>
Subject: Re: [PATCH] Implement file posix capabilities

Once again, running into problems when trying this patch on SLES-10 IA64,
(Linux certify 2.6.18 #2 SMP PREEMPT Wed Nov 29 13:11:28 CST 2006 ia64)

1) replaced the ancient /lib/libcap.so.1.92 with less ancient libcap.so.1.10

2) successfully applied Serge's patch to SLES 2.6.18 sources and rebooted

3) installed Kaigai's userspace tools... no problems evident

4) ran setfcaps to see capabilities... (note Memory fault):

certify:~/libcap-1.10 # setfcaps
usage: setfcaps <capabilities> <file> ...
        cap_chown, cap_dac_override, cap_dac_read_search, cap_fowner
	cap_fsetid, cap_kill, cap_setgid, cap_setuid
	cap_setpcap, cap_linux_immutable,
	cap_net_bind_service, cap_net_broadcast
        cap_net_admin, cap_net_raw, cap_ipc_lock, cap_ipc_owner
	cap_sys_module, cap_sys_rawio, cap_sys_chroot, cap_sys_ptrace
	cap_sys_pacct, cap_sys_admin, cap_sys_boot, cap_sys_nice
	cap_sys_resource, cap_sys_time,
	cap_sys_tty_config, cap_mknod
        cap_lease, cap_audit_write, cap_audit_controlMemory fault

5) straced previous command:

billodo@...tify:/> strace -o /tmp/straceout4 setfcaps
billodo@...tify:/> cat  /tmp/straceout4
execve("/sbin/setfcaps", ["setfcaps"], [/* 65 vars */]) = 0
brk(0)                                  = 0x6000000000004000
uname({sys="Linux", node="certify", ...}) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=111415, ...}) = 0
mmap(NULL, 111415, PROT_READ, MAP_PRIVATE, 3, 0) = 0x200000000004c000
close(3)                                = 0
open("/lib/libcap.so.1", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0002\0\1\0\0\0\340\25"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0755, st_size=22672, ...}) = 0
mmap(NULL, 85800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x2000000000068000
madvise(0x2000000000068000, 85800, MADV_SEQUENTIAL|0x1) = 0
mprotect(0x2000000000070000, 49152, PROT_NONE) = 0
mmap(0x200000000007c000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x200000000007c000
close(3)                                = 0
open("/lib/libc.so.6.1", O_RDONLY)      = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0002\0\1\0\0\0\3609\2"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0755, st_size=2590313, ...}) = 0
mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x2000000000080000
mmap(NULL, 2416624, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x2000000000084000
madvise(0x2000000000084000, 2416624, MADV_SEQUENTIAL|0x1) = 0
mprotect(0x20000000002bc000, 49152, PROT_NONE) = 0
mmap(0x20000000002c8000, 32768, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x234000) = 0x20000000002c8000
mmap(0x20000000002d0000, 8176, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000002d0000
close(3)                                = 0
mmap(NULL, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x20000000002d4000
mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x20000000002dc000
munmap(0x200000000004c000, 111415)      = 0
write(2, "usage: setfcaps <capabilities> <"..., 41) = 41
write(2, "\n\tcap_chown", 11)           = 11
write(2, ", cap_dac_override", 18)      = 18
write(2, ", cap_dac_read_search", 21)   = 21
write(2, ", cap_fowner", 12)            = 12
write(2, "\n\tcap_fsetid", 12)          = 12
write(2, ", cap_kill", 10)              = 10
write(2, ", cap_setgid", 12)            = 12
write(2, ", cap_setuid", 12)            = 12
write(2, "\n\tcap_setpcap", 13)         = 13
write(2, ", cap_linux_immutable", 21)   = 21
write(2, ", cap_net_bind_service", 22)  = 22
write(2, ", cap_net_broadcast", 19)     = 19
write(2, "\n\tcap_net_admin", 15)       = 15
write(2, ", cap_net_raw", 13)           = 13
write(2, ", cap_ipc_lock", 14)          = 14
write(2, ", cap_ipc_owner", 15)         = 15
write(2, "\n\tcap_sys_module", 16)      = 16
write(2, ", cap_sys_rawio", 15)         = 15
write(2, ", cap_sys_chroot", 16)        = 16
write(2, ", cap_sys_ptrace", 16)        = 16
write(2, "\n\tcap_sys_pacct", 15)       = 15
write(2, ", cap_sys_admin", 15)         = 15
write(2, ", cap_sys_boot", 14)          = 14
write(2, ", cap_sys_nice", 14)          = 14
write(2, "\n\tcap_sys_resource", 18)    = 18
write(2, ", cap_sys_time", 14)          = 14
write(2, ", cap_sys_tty_config", 20)    = 20
write(2, ", cap_mknod", 11)             = 11
write(2, "\n\tcap_lease", 11)           = 11
write(2, ", cap_audit_write", 17)       = 17
write(2, ", cap_audit_control", 19)     = 19
--- SIGSEGV (Segmentation fault) @ 200000000015ed20 (ffffffffffffffff) ---
+++ killed by SIGSEGV +++
billodo@...tify:/>                     

6) probably can't go much beyond (5), as problems likely relate to that
segfault.  Nevertheless, I tried to modify capabities for 
modprobe, yielding the all too familiar error... 

billodo@...tify:/> modprobe fuse major-0                            
FATAL: Error inserting fuse (/lib/modules/2.6.18/kernel/fs/fuse/fuse.ko):
Operation not permitted
billodo@...tify:/> sudo setfcaps cap_sys_module=ep /sbin/modprobe
/sbin/modprobe: Function not implemented (errno=38)

-Bill


On Wed, Nov 29, 2006 at 11:28:48AM +0100, Chris Friedhoff wrote:
| I use this patch with 2.6.18.3.
| patching: ok
| configuring: ok
| compiling: ok
| installing: ok
| running: ok
| tested with httpd, smbd, nmbd, named, cupsd, ping, traceroute,
| modprobe, traceroute, ntpdate, xinit, killall, eject, dhcpd, route,
| qemu: ok
| I use this patch as documented: http://www.friedhoff.org/fscaps.html
| 
| I also tested the patched kernel with "CONFIG_SECURITY_FS_CAPABILITIES
| is not set" and xinit kills X perfectly, when the GUI is stopped.
| 
| Any other tests that might be helpful?
| 
| The webpage is updated.
| 
| Chris
| 
| 
| On Mon, 27 Nov 2006 11:07:40 -0600
| "Serge E. Hallyn" <serue@...ibm.com> wrote:
| 
| > From: Serge E. Hallyn <serue@...ibm.com>
| > Subject: [PATCH 1/1] Implement file posix capabilities
| > 
| > Implement file posix capabilities.  This allows programs to be given a
| > subset of root's powers regardless of who runs them, without having to use
| > setuid and giving the binary all of root's powers.
| > 
| > This version works with Kaigai Kohei's userspace tools, found at
| > http://www.kaigai.gr.jp/index.php.  For more information on how to use this
| > patch, Chris Friedhoff has posted a nice page at
| > http://www.friedhoff.org/fscaps.html.
| > 
| > Changelog:
| > 	Nov 27:
| > 	Incorporate fixes from Andrew Morton
| > 	(security-introduce-file-caps-tweaks and
| > 	security-introduce-file-caps-warning-fix)
| > 	Fix Kconfig dependency.
| > 	Fix change signaling behavior when file caps are not compiled in.
| 
| - snip -
| 
| --------------------
| Chris Friedhoff
| chris@...edhoff.org
| -
| To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
| the body of a message to majordomo@...r.kernel.org
| More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Bill O'Donnell
SGI
billodo@....com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ