Question regarding blocking set[ug]id on processes including via suid executables

From: Vito Caputo
Date: Tue May 12 2020 - 05:45:26 EST


Hello folks,

I'm curious if someone knows a way to do this using existing linux
interfaces.

I'd like to create a login lacking the ability to switch uid/gid.

Even if the process has access to suid executables like /bin/su, and
the user has the root password, I'd like the descendant processes of
their login to be simply incapable of changing uid/gid, even when it's
in the form of running a program w/suid bit set on an existing and
accessible executable in the filesystem. No matter what, it just
can't happen.

Do we have any such thing today? I'd really like to be able to set
this on a specific user and all logins of that user are simply stuck
on that uid no matter what.

Thanks in advance,
Vito Caputo
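Two existing interfaces together give most of what the message asks for: PR_SET_NO_NEW_PRIVS, which makes execve() of a set-uid/set-gid (or file-capability) binary stop changing credentials and can never be cleared once set, and a seccomp-BPF filter that makes the set*id syscalls themselves fail with EPERM even for a task that already holds CAP_SETUID. The program below is an added example written for this page; it is not code from Vito's message or from the kernel. The binary name nosetid, the wrapper usage and the AUDIT_ARCH table (x86_64, aarch64, i386 only) are my own assumptions.

```c
/* Added example: lock a process and all its descendants out of uid/gid changes. */
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL /* pre-4.14 headers */
#endif

/* BPF_STMT/BPF_JUMP expand to brace initialisers; wrap them as compound literals. */
#define STMT(code, k) ((struct sock_filter)BPF_STMT(code, k))
#define JUMP(code, k, jt, jf) ((struct sock_filter)BPF_JUMP(code, k, jt, jf))

/* Every syscall that can change a credential of the calling task. */
static const int setid_syscalls[] = {
    __NR_setuid, __NR_setgid, __NR_setreuid, __NR_setregid,
    __NR_setresuid, __NR_setresgid, __NR_setfsuid, __NR_setfsgid,
    __NR_setgroups,
#ifdef __NR_setuid32 /* 32-bit x86 has a second set of entry points */
    __NR_setuid32, __NR_setgid32, __NR_setreuid32, __NR_setregid32,
    __NR_setresuid32, __NR_setresgid32, __NR_setfsuid32, __NR_setfsgid32,
    __NR_setgroups32,
#endif
};
#define NSETID (sizeof(setid_syscalls) / sizeof(setid_syscalls[0]))

/*
 * 1. no_new_privs: inherited across fork()/execve(), never clearable, and it
 *    makes execve() of a set-uid binary keep the caller's credentials, so
 *    /bin/su runs as the user and its own setuid(0) fails with EPERM.
 * 2. seccomp filter: the set*id syscalls return EPERM for this task and every
 *    descendant, so even a task that already has CAP_SETUID is stuck.
 * Returns 0 on success, -1 with errno set otherwise.
 */
int deny_uid_changes(void)
{
    struct sock_filter filter[5 + 2 * NSETID];
    size_t n = 0;

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;

    /* Kill the process if the syscall ABI is not the one we compiled for. */
    filter[n++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch));
    filter[n++] = JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    filter[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);

    /* Load the syscall number; any match on the deny list returns EPERM. */
    filter[n++] = STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < NSETID; i++) {
        filter[n++] = JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)setid_syscalls[i], 0, 1);
        filter[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM);
    }
    filter[n++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

    struct sock_fprog prog = { .len = (unsigned short)n, .filter = filter };
    /* no_new_privs is already set, so CAP_SYS_ADMIN is not required here. */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog, 0, 0);
}

/* Probes used to verify the lockdown: 1 if no_new_privs is set. */
int nnp_is_set(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* 0 if the call succeeded, otherwise the errno it failed with. */
int try_setuid(uid_t uid) { return setuid(uid) == 0 ? 0 : errno; }
int try_setgid(gid_t gid) { return setgid(gid) == 0 ? 0 : errno; }

/* Usage: ./nosetid /bin/bash -> a shell whose whole subtree cannot change uid/gid. */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    if (deny_uid_changes() != 0) {
        perror("deny_uid_changes");
        return 1;
    }
    printf("no_new_privs=%d setuid(getuid()) -> errno %d\n",
           nnp_is_set(), try_setuid(getuid()));
    execvp(argv[1], &argv[1]);
    perror("execvp");
    return 1;
}
```

Things to keep in mind with this approach: even a no-op setuid(getuid()) is rejected, so programs that drop privileges defensively will see EPERM and may abort; a seccomp filter is installed on the calling thread and inherited by children, so install it before creating any threads (SECCOMP_FILTER_FLAG_TSYNC via seccomp(2) would cover existing ones); and both mechanisms attach to a process tree rather than to a uid, so covering "all logins of that user" means running the session under such a wrapper, for example by making it the account's login shell, rather than flipping a per-user attribute.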