Re: patch to make Linux capabilities into something useful (v 0.3.1)

[Serge E. Hallyn]

Quoting David Madore (david.madore@xxxxxx):
> My patch doesn't change any of this (I've checked), since it uses
> inheritance rules for capabilities which are closely modeled upon
> those of {r,s,e}uid (in fact, that's my very reason for "changing"
> things), and since the bash method of dropping privileges is also kept
> woring.

Ah, ok.  So there is in fact no change in setuid behavior at all then.

Do you have a little testsuite you've run which you could make available
someplace?  Or a few test programs you could toss into a tarball and
call a testsuite?  :)

> (b) necessary for security reasons (it is imperative that the parent
> of a suid root process cannot prevent that process from keeping
> privileges, otherwise we get the sendmail bug again).

Good point.

> To summarize my answer: as far as I know, my patch does not change
> suid behavior: I've taken great care not to let that happen.  It does
> change the documented inheritance behavior of capabilities, but that
> is unavoidable.
> 
> PS: I should be releasing a new version of my patch, along with a
> merged version of yours, very shortly.

Could you cc: the lsm list (linux-security-module@xxxxxxxxxxxxxxx)?
I'd particularly have Chris Wright give some comment as he's spent a
lot of time looking at capabilities.

thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/