| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200512104408.jq3umt5hlqfbuhex@shells.gnugeneration.com> Date: Tue, 12 May 2020 03:44:08 -0700 From: Vito Caputo <vcaputo@...garu.com> To: linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: Question regarding blocking set[ug]id on processes including via suid executables On Tue, May 12, 2020 at 02:45:24AM -0700, Vito Caputo wrote: > Hello folks, > > I'm curious if someone knows a way to do this using existing linux > interfaces. > > I'd like to create a login lacking the ability to switch uid/gid. > > Even if the process has access to suid executables like /bin/su, and > the user has the root password, I'd like the descendant processes of > their login to be simply incapable of changing uid/gid, even when it's > in the form of running a program w/suid bit set on an existing and > accessible executable in the filesystem. No matter what, it just > can't happen. > > Do we have any such thing today? I'd really like to be able to set > this on a specific user and all logins of that user are simply stuck > on that uid no matter what. > Basically what I'm looking for is a convention for login-time application of the PR_SET_NO_NEW_PRIVS prctl, do we have anything formalized in userspace for this? We've got NoNewPrivileges in systemd but it's not really user-oriented AFAIK... Maybe lkml isn't the right place to pose this question, any pointers appreciated though. Cheers, Vito Caputo
Powered by blists - more mailing lists