| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Apr 2007 23:48:01 +0400 From: Michael Tokarev <mjt@....msk.ru> To: linux-kernel@...r.kernel.org Subject: Wondering: why capabilities system is broken? Hopefully not a flamewar question... Currently, capabilities of a process are reset during exec() system call. At least effective+permitted set. 1) In case new uid != 0, all the caps are cleared, so it is not possible to execute a program as non-root but still give it some capabilities (like, say, CAP_NET_BIND_SERVICE). 2) In case new uid == 0, effective and permitted sets are restored to all-ones. This is regardless of other settings, like prctl(KEEPCAPS), or the current set of capabilities. I partly understand why 2) is done - in case of setuid binary being executed, all the capabilities are set for it. But this breaks executing non-setuid binaries too -- for example, it'd be very nice to be able to chroot to some directory, and remove CAP_SYS_CHROOT (and other evil caps like CAP_SYS_MODULE, CAP_SETPCAP) -- this way, with minimal efforts, chroot will work almost (yes, I understand it's not entirely the same) the same as BSD jail(2) concept. So the question is: why capability sets are being reinitialized during exec()? At least in 2.4 era, they weren't... and stuff like execcap, sucaps etc was working. Now they aren't anymore. Thanks. /mjt - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists