Re: File capabilities are not 'working' and I have no idea why
From: Serge E. Hallyn
Date: Thu Feb 06 2014 - 16:30:45 EST
Quoting Aaron Jones (aaronmdjones@xxxxxxxxx):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I have isolated the problem. File capabilities are not assigned when
> the program being executed is located on a filesystem mounted with
> the "nosuid" option.
>
> This seems counter-intuitive; a fully capability-based system would
> not use setuid binaries...
Not strictly true. setuid really just means 'change uid'. The fact
that it can also raise/lower capability sets just muddles the issue.
If you want that behavior stopped you can do so using
SECBIT_NO_SETUID_FIXUP.
> so a logical thing to do would be to
> prevent the setuid bits from doing anything, which is what the
> nosuid flag is for, no?
>
> Or am I missing something?
>
> Can we get a config flag to toggle this behaviour?
I think generally when people mount nosuid it is to prevent
an untrusted source (usb stick, whatever) from providing a
untrusted but privileged program. Be that through setuid-root
binaries or file capabilities.
-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/