Re: File capabilities are not 'working' and I have no idea why

[Serge E. Hallyn]

Quoting Aaron Jones (aaronmdjones@xxxxxxxxx):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> I have isolated the problem. File capabilities are not assigned when
> the program being executed is located on a filesystem mounted with
> the "nosuid" option.
> 
> This seems counter-intuitive; a fully capability-based system would
> not use setuid binaries...

Not strictly true.  setuid really just means 'change uid'.  The fact
that it can also raise/lower capability sets just muddles the issue.
If you want that behavior stopped you can do so using
SECBIT_NO_SETUID_FIXUP.

>  so a logical thing to do would be to
> prevent the setuid bits from doing anything, which is what the
> nosuid flag is for, no?
> 
> Or am I missing something?
> 
> Can we get a config flag to toggle this behaviour?

I think generally when people mount nosuid it is to prevent
an untrusted source (usb stick, whatever) from providing a
untrusted but privileged program.  Be that through setuid-root
binaries or file capabilities.

-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/