| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140206213036.GA24641@mail.hallyn.com> Date: Thu, 6 Feb 2014 22:30:36 +0100 From: "Serge E. Hallyn" <serge@...lyn.com> To: Aaron Jones <aaronmdjones@...il.com> Cc: linux-kernel@...r.kernel.org Subject: Re: File capabilities are not 'working' and I have no idea why Quoting Aaron Jones (aaronmdjones@...il.com): > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > I have isolated the problem. File capabilities are not assigned when > the program being executed is located on a filesystem mounted with > the "nosuid" option. > > This seems counter-intuitive; a fully capability-based system would > not use setuid binaries... Not strictly true. setuid really just means 'change uid'. The fact that it can also raise/lower capability sets just muddles the issue. If you want that behavior stopped you can do so using SECBIT_NO_SETUID_FIXUP. > so a logical thing to do would be to > prevent the setuid bits from doing anything, which is what the > nosuid flag is for, no? > > Or am I missing something? > > Can we get a config flag to toggle this behaviour? I think generally when people mount nosuid it is to prevent an untrusted source (usb stick, whatever) from providing a untrusted but privileged program. Be that through setuid-root binaries or file capabilities. -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists