lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20111110115144.GD10997@vega.lgb.hu>
Date:	Thu, 10 Nov 2011 12:51:44 +0100
From:	Gábor Lénárt <lgb@....hu>
To:	linux-kernel@...r.kernel.org
Subject: capabilities question(s)

Hi All,

I have the problem that I can't find too much informations about
capabilities implemented by the Linux kernel, and its usage. 
I even don't have header file sys/capability.h suggested by man
page of capget (on ubuntu, if it does count). However it's not the major
problem, as I've found example to use syscall() from sys/syscall.h and
stuffs in linux/capability.h. Well, ignore it, I've just found out
that I need libcap-dev to install. However the problem remains:

What I want to do: I need user to be able to do chroot() once, then I want
to drop that capability (to be safe?).  My program (a server) runs as root,
but after initialization it changes uid/gid (in a forked process).  However
I want to keep chroot capability even after the uid/gid change so I can do a
chroot() even as non-root.  It it possible at all? I need this so I feel
more secure not to run things as root, since I need to do many things before
I can call chroot(). So I guessed, it's more secure to use non-root user
to do these, before I can do chroot().

As far as I can see, I can set capability as root, but after uid/gid change,
I lost that capability, and - of course - I cannot set it as a user then.

Or should I use root user anyway, just drop all of the capabilities I don't
need just keep uid/gid change and chroot? Anyway, then I have the problem
that I am still root for the filesystem permission checks, and it's
something I don't want to do, because the things my server do before chroot
is not so secure ...

Any ideas are welcome.

Best regards,

Gábor
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ