lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <15429.83.60.135.204.1173342736.squirrel@webmail2.digitalinet.com>
Date:	Thu, 8 Mar 2007 09:32:16 +0100 (CET)
From:	rgarcia@...asoft.com
To:	linux-kernel@...r.kernel.org
Subject: Request change in behaviour of capability inheritance.

I think that the current behaviour of capability inheritance across exec()
is not optimal.

The current behaviour consists in all effective and permitted capabilities
are cleared across a exec(). This is because it seems to be intended that
in the future the executable files have a set of "allowed" and "forced"
capabilities.  If a capability is not allowed, it is not permitted in an
inherited process. But at pressent, there is no attribute of "allowed"
capabilities in the filesystem, and the behaviour is that no capability is
allowed.

I request to change this behaviour. By default all capabilities should be
allowed, that is, inherited across exec().

This is neccessary to protect a daemon without changing its source. With
the requested behaviour, it would be posible to launch a daemon intented
to run as root, as an unpriviledged user but with the neccessary
capabilities, by using a script or program that changes the uid and the
capabilities and then launches the daemon.

Thus the present behaviour of no "allowed" capabilities pretends to be
more secure, but is actually less secure. By default, all parent
priviledges should be inherited, because this allows one to create
programs and scripts that execute daemons or other programs in a
restricted environment.

I am modifying kernel source for our own setup. I think others should


----------------------------------------------
Ramon Garcia Fernandez
Kotasoft, your experts in Linux consulting
----------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ