Re: capabilities patch (v 0.1)

From: Bodo Eggert
Date: Tue Aug 09 2005 - 17:58:44 EST


On Tue, 9 Aug 2005, Chris Wright wrote:
> * Bodo Eggert (7eggert@xxxxxx) wrote:

> > 1) I wouldn't want an exploited service to gain any privileges, even by
> > chaining userspace exploits (e.g. exec sendmail < exploitstring). For
> > most services, I'd like CAP_EXEC being unset (but it doesn't exist).
>
> Don't let it exec things it shouldn't. This can be done with namespaces
> or for finer-grained, that is what smth like SELinux is made for.

Namespaces may be OK for bind, but things like samba can't really use them
and SELinux sounds more heavyweight (for brain and CPU).

> > 2) There are environments (linux-vserver.org) which limit root to a subset
> > of capabilities. I think they might use that feature, too. Off cause a
> > simple "suid bit" == "all capabilities" scheme won't work there.
>
> IIRC, they effectively use the bounded set as per-context. So it'd not
> make any difference there.

It could possibly be combined into one mechanism (less intrusive patch).

--
Funny quotes:
14. Eagles may soar, but weasels don't get sucked into jet engines.
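The property asked for in point 1) above (an exploited service must not regain privileges by exec'ing a setuid or file-capability binary) later reached Linux as the per-process no_new_privs flag (PR_SET_NO_NEW_PRIVS, kernel 3.5+), and the bounding set mentioned in point 2) can be shrunk per process with PR_CAPBSET_DROP. The following is an added example, not code from this thread or from the patch under discussion: a service locks both down before it ever calls execve(). It assumes a Linux kernel with those prctl operations and glibc's sys/prctl.h.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Drop every capability from this process's bounding set, so a later exec of a
 * setuid or file-capability binary cannot hand any of them back. The loop bound
 * is taken from the running kernel: PR_CAPBSET_READ returns -1/EINVAL for a
 * capability number it does not know. Dropping needs CAP_SETPCAP; an
 * unprivileged caller gets EPERM on each call, which is reported as 0 dropped.
 * Returns the number of capabilities dropped, or -1 on an unexpected error. */
int drop_bounding_set(void)
{
    int dropped = 0;
    for (int cap = 0; prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0; cap++) {
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0)
            dropped++;
        else if (errno != EPERM)
            return -1;
    }
    return dropped;
}

/* Set no_new_privs: from now on execve() can never grant privileges the
 * process does not already hold (setuid bits and file capabilities are
 * ignored). The flag is inherited across fork and exec and cannot be cleared,
 * which is the "CAP_EXEC unset" effect asked for in the thread. Any process
 * may set it. Returns 0 on success, -1 on error. */
int set_no_new_privs(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Returns 1 if no_new_privs is set, 0 if not, -1 on error. */
int no_new_privs_is_set(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

int main(void)
{
    int n = drop_bounding_set();
    if (n < 0) { perror("PR_CAPBSET_DROP"); return 1; }
    if (set_no_new_privs() != 0) { perror("PR_SET_NO_NEW_PRIVS"); return 1; }
    printf("dropped %d bounding-set capabilities, no_new_privs=%d\n",
           n, no_new_privs_is_set());
    /* From here the service would execv() its helpers; a setuid binary it
     * reaches runs with this process's uid and capabilities only. */
    return 0;
}
```

Run it as root and then as an ordinary user to see the difference: the bounding-set drop only succeeds with CAP_SETPCAP, while no_new_privs is set in both cases.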