| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrVXj=dwKGrMfAL1xnD-KgLEe_R9-iCjDQR-W0j5jOyF-g@mail.gmail.com> Date: Fri, 27 Feb 2015 12:56:41 -0800 From: Andy Lutomirski <luto@...capital.net> To: Pavel Machek <pavel@....cz> Cc: Christoph Lameter <cl@...ux.com>, Serge Hallyn <serge.hallyn@...ntu.com>, Serge Hallyn <serge.hallyn@...onical.com>, Jonathan Corbet <corbet@....net>, Aaron Jones <aaronmdjones@...il.com>, "Ted Ts'o" <tytso@....edu>, LSM List <linux-security-module@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...uxfoundation.org>, "Andrew G. Morgan" <morgan@...nel.org> Subject: Re: [capabilities] Allow normal inheritance for a configurable set of capabilities On Fri, Feb 27, 2015 at 12:48 PM, Pavel Machek <pavel@....cz> wrote: > On Fri 2015-02-27 12:15:15, Andy Lutomirski wrote: >> On Thu, Feb 26, 2015 at 4:27 AM, Pavel Machek <pavel@....cz> wrote: >> > On Wed 2015-02-25 17:59:04, Christoph Lameter wrote: >> >> On Wed, 25 Feb 2015, Pavel Machek wrote: >> >> >> >> > One solution is to put capabilities into the elf executable. I believe >> >> > there was patch for that. That means you don't need to add capability >> >> > support into filesystems... >> >> >> >> Ummm... So I can just get any caps by modifying the ELF header? >> >> Looking at the docs No, it just drops caps so binaries must be >> >> setsuid. >> > >> > exactly. Normal apps are not currently allowed to receive >> > capabilities, because they may not be ready for them. >> > >> > So add an elf note marking what capabilities it can deal with. >> > No need for setuid if caller has the capabilities already. >> >> We'd need extremely broad coverage for this to be useful because of >> shells, pipelines, scripts, etc. We'd need bash, env, python, etc. > > Well.. capabilities for scripts will be "fun" even when you have > proper filesystem support. I'd say that is separate problem... (and > yes, it would have to be solved.) To me, however, the whole point of this thread is that you shouldn't need filesystem support at all. If I have CAP_WHATEVER, I tell the kernel that I want my children to have CAP_WHATEVER in their permitted and effective sets, and I don't try to run a setuid or fP != 0 program, then it should just work. The insertion of scripts in the way shouldn't matter. --Andy > > -- > (english) http://www.livejournal.com/~pavelmachek > (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists