Request change in behaviour of capability inheritance.
From: rgarcia
Date: Thu Mar 08 2007 - 03:40:07 EST
I think that the current behaviour of capability inheritance across exec()
is not optimal.
The current behaviour consists in all effective and permitted capabilities
are cleared across a exec(). This is because it seems to be intended that
in the future the executable files have a set of "allowed" and "forced"
capabilities. If a capability is not allowed, it is not permitted in an
inherited process. But at pressent, there is no attribute of "allowed"
capabilities in the filesystem, and the behaviour is that no capability is
allowed.
I request to change this behaviour. By default all capabilities should be
allowed, that is, inherited across exec().
This is neccessary to protect a daemon without changing its source. With
the requested behaviour, it would be posible to launch a daemon intented
to run as root, as an unpriviledged user but with the neccessary
capabilities, by using a script or program that changes the uid and the
capabilities and then launches the daemon.
Thus the present behaviour of no "allowed" capabilities pretends to be
more secure, but is actually less secure. By default, all parent
priviledges should be inherited, because this allows one to create
programs and scripts that execute daemons or other programs in a
restricted environment.
I am modifying kernel source for our own setup. I think others should
----------------------------------------------
Ramon Garcia Fernandez
Kotasoft, your experts in Linux consulting
----------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/