Re: Capabilities across execve

From: Chris Wright
Date: Sat Mar 12 2005 - 22:22:36 EST

* Alexander Nyberg (alexn@xxxxxxxxx) wrote:
> This makes it possible for a root-task to pass capabilities to
> nonroot-task across execve. The root-task needs to change it's
> cap_inheritable mask and set prctl(PR_SET_KEEPCAPS, 1) to pass on
> capabilities.

This overloads keepcaps, which could surprise to existing users.

> At execve time the capabilities will be passed on to the new
> nonroot-task and any non-inheritable effective and permitted
> capabilities will be masked out.
> The effective capability of the new nonroot-task will be set to the
> maximum permitted.

What happens to eff on setuid() to non-root or restore to uid 0?
What happens if you exec a setuid-root binary, or a setuid-nonroot binary?
How about ptrace?

Here's the tests I use.

Linux Security Modules

Attachment: testcap.tgz
Description: GNU Unix tar archive