Re: Password access to re-add capabilities to running kernel

From: lamont@icopyright.com
Date: Tue May 02 2000 - 18:40:26 EST


Okay, I wrote up a functional alpha version of this patch, which is at:

http://www.neuron.net/~lamont/

It's a patch against SysVinit-2.78-5.1 from RH6.2

It reads an md5 password hash from /etc/capabilities.conf and then
accepts a command via /dev/initctl containing a value and a passphrase
and if the passphrase hashes to the password hash it changes cap-bound
to the value. Obviously /etc/capabilities.conf needs to be immutable.
It adds the command /sbin/capset to read the pass phrase and send the
command packet to /dev/initctl.

Comments, patches welcome.

On Tue, 2 May 2000, Chris Evans wrote:
> On Mon, 1 May 2000 lamont@icopyright.com wrote:
> > The problem is that I'd like to be able to use capabilities to secure
> > a system, however, I don't want to necessitate a lot of trips out to a
> > remote site every time we make a mistake and need to change a file that
> > we've made immutable. The solution, it seems, is to compromise security
> > of the capabilities somewhat by adding a password to the system which
> > allows the sysadmin to remove any/all of the capabilities restrictions.
> > This is similar to what LIDS does, however, I'd rather have a patch which
> > only does this rather than a patch which also includes portscan detectors
> > in the kernel, etc.
>
> There's already a "recognised" way to go about this, and that's via pid 1,
> init.
>
> init has the power to lower system securelevel (or in modern kernels,
> change the capability bounding set). It also has the power to dish out
> capabilities to arbitrary other processes.
>
> All that is needed is a modification to init to accept a password via its
> UNIX domain socket, and do some appropriate capability jiggling.
>
> If you do modify init, though, be careful to try and keep it secure. For
> example, a buffer overflow in the password parsing/verification routine
> would be incredibly bad news. Also, the default configuration should be
> kept "no backdoor password".
>
> Cheers
> Chris
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>



This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:11 EST
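
Added example, not code from the patch or from SysVinit: one way to validate a request of the kind described above (a capability bounding value plus a passphrase) without the parsing overflow the quoted reply warns about. The packet layout, the names and the 128-byte limit are assumptions, and demo_digest is a stand-in for MD5 so the block runs offline.

```c
#include <stdint.h>
#include <string.h>

#define PASS_MAX 128  /* assumed cap on passphrase length */
#define HASH_LEN 16   /* MD5 digest size */
#define HDR_LEN  6    /* assumed header: u32 cap_bound, u16 pass_len (host order) */

/* Stand-in for MD5 so the example runs offline. NOT MD5 and not secure. */
void demo_digest(const unsigned char *in, size_t n, unsigned char out[HASH_LEN])
{
    memset(out, 0x5a, HASH_LEN);
    for (size_t i = 0; i < n; i++)
        out[i % HASH_LEN] = (unsigned char)(out[i % HASH_LEN] * 31 + in[i]);
}

/* Compare with no early exit, so timing does not reveal where bytes differ. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Returns 0 and sets *new_bound on success, -1 on rejection.
 * stored == NULL means no password is configured: refuse everything. */
int check_cap_request(const unsigned char *pkt, size_t len,
                      const unsigned char *stored, uint32_t *new_bound)
{
    unsigned char got[HASH_LEN];
    uint32_t bound;
    uint16_t plen;

    if (stored == NULL || len < HDR_LEN)
        return -1;
    memcpy(&bound, pkt, sizeof bound);
    memcpy(&plen, pkt + sizeof bound, sizeof plen);
    /* pass_len is sender-controlled: cap it and require an exact total length. */
    if (plen == 0 || plen > PASS_MAX || len != (size_t)HDR_LEN + plen)
        return -1;
    demo_digest(pkt + HDR_LEN, plen, got);  /* hash in place, no copy to overflow */
    if (!ct_equal(got, stored, HASH_LEN))
        return -1;
    *new_bound = bound;
    return 0;
}
```

Passing NULL for the stored hash models the "no backdoor password" default: with nothing configured, no request can change the bounding set.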