Re: caps in elf, next iteration (the hack gets bigger)

David L. Parsley (kparse@salem.k12.va.us)
Wed, 14 Apr 1999 09:54:16 -0400 (EDT)


On Wed, 14 Apr 1999, Pavel Machek wrote:

> _IF_ you go for ext2-only solution, you may as well add capabilities
> into ext2 directly.

No, the stickable solution also has the nice property of working with
current tools right away (and I didn't explain this before). We just have
to change the kernel's behavior wrt setting the sticky bit. Under this
scheme, setting the sticky bit is a privileged operation requiring
CAP_SETFCAP. If the current process has this cap raised, the kernel will
comply by setting _both_ the sticky bit and the immutable bit; otherwise,
neither gets set. This way, tar, rpm, dpkg, etc... can all be made to
work fine by just setting their inheritable bits properly.

> Well - it changes something. You'll have to go out and tell everyone
> "stickybit + immutable is deadly combination". Many times.

Yes, but consider _who_ will be the pioneers to first check the "CAP-ELF
support (experimental)" box in kernel configuration. The help should say
"Don't check this box without knowing what you're doing; it completely
changes the UNIX security model. For documentation, see..."

I also espouse an option where the kernel will still honor 'setuid root'
the old way, with all caps, to help during transition.

> I do not have to do such things. setuid-marked executables actually
> look more dangerous than they are. WHICH IS RIGHT.

Yes, but as I've shown, you'll have to mark a _lot_ of files setuid0 that
weren't previously. Capabilities support is a big change from traditional
UNIX security, and we'll just have to deal with it. Fortunately, the
stickable solution gives us a really easy upgrade path without having to
patch all the system utilities (except to run 'setcap' or whatever on
them).

> Pavel
> --
> The best software in life is free (not shareware)! Pavel
> GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+
>

--
David L. Parsley
Network Specialist
City of Salem Schools
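
The chmod rule described in the message above, as a small user-space C model added here for illustration (it is not code from the thread or from any kernel patch). The struct and function names are hypothetical, and two points are assumptions: that the remaining mode bits are applied either way, and that exec treats sticky + immutable together as the marker for capabilities stored in the ELF file.

```c
#include <stdio.h>

#define MODEL_ISVTX 01000u   /* sticky bit */
#define MODEL_ISUID 04000u   /* setuid bit */

/* Hypothetical model state, not kernel structures. */
struct model_inode { unsigned mode; int immutable; unsigned uid; };
struct model_task  { int has_setfcap; };   /* CAP_SETFCAP raised? */

/* chmod under the proposal: the sticky bit is honoured only with
 * CAP_SETFCAP, and then the immutable flag is set together with it.
 * Assumption: the other requested mode bits are applied either way. */
void model_chmod(const struct model_task *t, struct model_inode *ino,
                 unsigned mode)
{
    if (mode & MODEL_ISVTX) {
        if (t->has_setfcap)
            ino->immutable = 1;      /* both bits get set ... */
        else
            mode &= ~MODEL_ISVTX;    /* ... or neither does */
    }
    ino->mode = mode & 07777u;
}

/* Assumption: exec reads ELF capability data only for this combination. */
int model_exec_uses_elf_caps(const struct model_inode *ino)
{
    return (ino->mode & MODEL_ISVTX) && ino->immutable;
}

/* Transition option from the message: setuid root still means all caps. */
int model_exec_legacy_full_caps(const struct model_inode *ino, int legacy_on)
{
    return legacy_on && (ino->mode & MODEL_ISUID) && ino->uid == 0;
}

int main(void)
{
    /* Constructed scenario: an archiver restoring mode 01755 twice. */
    struct model_task plain = { 0 }, trusted = { 1 };
    struct model_inode a = { 0, 0, 0 }, b = { 0, 0, 0 };
    model_chmod(&plain, &a, 01755);
    model_chmod(&trusted, &b, 01755);
    printf("without CAP_SETFCAP: mode=%04o immutable=%d caps=%d\n",
           a.mode, a.immutable, model_exec_uses_elf_caps(&a));
    printf("with CAP_SETFCAP:    mode=%04o immutable=%d caps=%d\n",
           b.mode, b.immutable, model_exec_uses_elf_caps(&b));
    return 0;
}
```
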
