Re: [PATCH]: alternative security - special gids
Alexander Kjeldaas (astor@fast.no)
Sun, 30 May 1999 14:52:56 +0200
On Fri, May 28, 1999 at 06:42:22PM -0300, Augusto Cesar wrote:
>
> This is a little more robust patch of the old idea of the special gids.
> This patch add a feature in socket layer that allows you to perform
> certain privileged operations without requiring root access.
>
> This is from idea: 'I don't like much suid root programs, they can be a
> security problem in the future'.
>
> Many many programs uses suid root only to access raw sockets or bind
> privileged ports, with this patch you can set 2 gids via sysctl with full
> access to raw sockets or privileged ports.
>
> For default, the 2 special gids are:
>
> GID 16: a program running with group 16 privileges can bind to a
> privileged port ( < 1024 ). This allows programs like: rlogin, rcp,
> rsh, and ssh to run setgid 16 instead of setuid root. This also allows
> servers that need to run as root to bind to a privileged port like named,
> to also run setgid 16.
>
> GID 17: any program running under GID 17 privileges will be able to
> create a raw socket. Programs like ping and traceroute can now
> be made to run setgid 17 instead of setuid root.
>
>
> But for others reasons you can't use these gids, it can be configured via
> sysctl, or doing the simple:
>
> echo "new-gid" > /proc/sys/net/ipv4/socket_port_gid
> echo "new-gid" > /proc/sys/net/ipv4/socket_raw_gid
>
>
> IMHO this can be a permanent feature of kernel, it open a big door for
> more secure distribuitions, please give me some feedback of this idea.
>
This is already available in the kernel using capabilities - and can
be done for any GID.
astor
--
Alexander Kjeldaas, Fast Search & Transfer, Trondheim, Norway
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/