| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Feb 2015 23:47:09 +0100 From: Pavel Machek <pavel@....cz> To: Andy Lutomirski <luto@...capital.net> Cc: Christoph Lameter <cl@...ux.com>, Serge Hallyn <serge.hallyn@...ntu.com>, Serge Hallyn <serge.hallyn@...onical.com>, Jonathan Corbet <corbet@....net>, Aaron Jones <aaronmdjones@...il.com>, Ted Ts'o <tytso@....edu>, LSM List <linux-security-module@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...uxfoundation.org>, "Andrew G. Morgan" <morgan@...nel.org> Subject: Re: [capabilities] Allow normal inheritance for a configurable set of capabilities On Fri 2015-02-27 12:56:41, Andy Lutomirski wrote: > On Fri, Feb 27, 2015 at 12:48 PM, Pavel Machek <pavel@....cz> wrote: > > On Fri 2015-02-27 12:15:15, Andy Lutomirski wrote: > >> On Thu, Feb 26, 2015 at 4:27 AM, Pavel Machek <pavel@....cz> wrote: > >> > On Wed 2015-02-25 17:59:04, Christoph Lameter wrote: > >> >> On Wed, 25 Feb 2015, Pavel Machek wrote: > >> >> > >> >> > One solution is to put capabilities into the elf executable. I believe > >> >> > there was patch for that. That means you don't need to add capability > >> >> > support into filesystems... > >> >> > >> >> Ummm... So I can just get any caps by modifying the ELF header? > >> >> Looking at the docs No, it just drops caps so binaries must be > >> >> setsuid. > >> > > >> > exactly. Normal apps are not currently allowed to receive > >> > capabilities, because they may not be ready for them. > >> > > >> > So add an elf note marking what capabilities it can deal with. > >> > No need for setuid if caller has the capabilities already. > >> > >> We'd need extremely broad coverage for this to be useful because of > >> shells, pipelines, scripts, etc. We'd need bash, env, python, etc. > > > > Well.. capabilities for scripts will be "fun" even when you have > > proper filesystem support. I'd say that is separate problem... (and > > yes, it would have to be solved.) > > To me, however, the whole point of this thread is that you shouldn't > need filesystem support at all. If I have CAP_WHATEVER, I tell the > kernel that I want my children to have CAP_WHATEVER in their permitted > and effective sets, and I don't try to run a setuid or fP != 0 > program, then it should just work. > > The insertion of scripts in the way shouldn't matter. Right, and I wish you luck. But this arguments were here before, and I believe Linux is not going that way. elfcap is compromise solution, that should achieve what you want to do for executables. Full filesystem support for capabilities is a solution, too, but it needs support in things like cpio... Best regards, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists