Re: posix capabilities inheritance

From: Pavel Machek
Date: Sat Oct 25 2003 - 14:54:44 EST


Hi!

> > The code to drop privs is not hard, but it's also not trivial.
>
> Here's an example code sequence that demonstrates how a setuid-to-root
> application could drop all capabilities except for CAP_IPC_LOCK and
> then run with the non-privileged uid:
>
> #include <sys/prctl.h>
> #include <sys/capability.h>   /* libcap: link with -lcap */
> #include <unistd.h>           /* seteuid(), getuid() */
>
> ...
>
> cap_t c;
>
> /* keep the permitted set across the uid change, switch the effective
>    uid to the caller's real uid, then cut e/i/p down to CAP_IPC_LOCK */
> if (prctl(PR_SET_KEEPCAPS, 1UL, 0UL, 0UL, 0UL) < 0 ||
>     seteuid(getuid()) < 0 ||
>     !(c = cap_from_text("cap_ipc_lock=eip")) ||
>     cap_set_proc(c) < 0)
>         /* handle error */;
>
> However, I agree that it's often not viable to require application
> changes to achieve the desired result.

IIRC, libraries have special startup sections that run before
main(). And C++ constructors do, too; so a wrapper still might be the
safer option.

Pavel
--
When do you have a heart between your knees?
[Johanka's followup: and *two* hearts?]
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
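Added example for this thread (not code from either poster): the same drop-to-caller sequence as the quoted snippet, written as a stand-alone C program, plus a constructor function that records the effective uid before main() runs, which is the point Pavel raises about startup sections. It assumes Linux and makes two substitutions of my own: capget/capset are called through syscall(2) instead of libcap so it builds without -lcap, and setreuid(real, real) is used instead of seteuid(getuid()) so that the saved uid is rewritten as well (seteuid alone leaves the saved uid at 0 until the capability drop removes CAP_SETUID). The function keeps only the requested capabilities that the process actually holds, so it also works when run unprivileged.

```c
/* Added example for this thread (not code from the original post).
 * Build: gcc -Wall -o dropcaps dropcaps.c   (Linux only; no libcap needed,
 * capget/capset are called via syscall(2) directly).
 * To see the point about constructors, install it setuid-root and run it
 * as an ordinary user: the constructor line reports euid 0, main() reports
 * the caller's uid. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Anything recorded here happens before main(), i.e. before any privilege
 * drop that main() performs: this is what a hostile library constructor sees. */
static uid_t euid_before_main = (uid_t)-1;

__attribute__((constructor))
static void record_startup_state(void)
{
    euid_before_main = geteuid();
}

uid_t euid_seen_before_main(void)
{
    return euid_before_main;
}

/* Read the calling thread's permitted set as a 64-bit mask (bit n = cap n). */
int current_permitted(uint64_t *out)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) < 0)
        return -1;
    *out = (uint64_t)data[1].permitted << 32 | data[0].permitted;
    return 0;
}

/* Set effective, permitted and inheritable all to 'mask' (what libcap does
 * for a "=eip" text spec). Only ever shrinks the sets, so no CAP_SETPCAP needed. */
static int set_all_sets(uint64_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(data, 0, sizeof data);
    data[0].effective = data[0].permitted = data[0].inheritable = (uint32_t)mask;
    data[1].effective = data[1].permitted = data[1].inheritable = (uint32_t)(mask >> 32);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Switch to the real uid keeping only the capabilities in 'keep' that the
 * process actually holds. '*kept' receives what survived. Returns 0 on success. */
int drop_to_caller_keeping(uint64_t keep, uint64_t *kept)
{
    uid_t real = getuid();
    uint64_t have;

    if (current_permitted(&have) < 0)
        return -1;
    keep &= have;                         /* can't keep what we never had */

    /* Without this the uid change below would clear the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) < 0)
        return -1;
    /* setreuid(real, real) also rewrites the saved uid, so a later
     * seteuid(0) cannot undo the drop (seteuid(getuid()) alone leaves it 0). */
    if (setreuid(real, real) < 0)
        return -1;
    /* The 0 -> non-zero euid change emptied the effective set; now cut
     * effective/permitted/inheritable down to exactly 'keep'. */
    if (set_all_sets(keep) < 0)
        return -1;
    prctl(PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L);   /* back to the default */
    *kept = keep;
    return 0;
}

int main(void)
{
    uint64_t kept;

    printf("constructor ran with euid %u\n", (unsigned)euid_seen_before_main());
    if (drop_to_caller_keeping(1ULL << CAP_IPC_LOCK, &kept) < 0) {
        perror("drop_to_caller_keeping");
        return 1;
    }
    printf("main now has uid %u/euid %u, permitted mask %#llx\n",
           (unsigned)getuid(), (unsigned)geteuid(), (unsigned long long)kept);
    return 0;
}
```

Run as a plain user it simply reports the same uid twice and an empty mask; made setuid-root (chown root; chmod u+s) it shows euid 0 in the constructor line and the caller's uid afterwards, which is exactly the window a wrapper closes: a wrapper does the drop in its own process and only then exec()s the real program, so nothing in that program's startup sections ever runs with euid 0. Note that on a pre-ambient-capabilities kernel the exec() in such a wrapper discards the kept capabilities too, which is the trade-off the thread is discussing.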