Re: More capabilities stuff...

Y2K (y2k@y2ker.com)
Mon, 17 May 1999 10:19:00 -0700 (PDT)


On Sun, 16 May 1999, John Wojtowicz wrote:
> I would believe that eventually you would want to convert all uid 0
> checks in the kernel to capabilities checks.
Already being done fairly well. If you find one that isn't yet done then it's
a bug. There are also issecure(SECURE_NOROOT) and
issecure(SECURE_NO_SETUID_FIXUP).
> Then if you've compiled the kernel without capabilities enabled,
> you'd dummy up the effective, permitted and inheritable sets for all
> uid 0 processes to have ALL privileges in it, and all other normal
> users have NONE in their process capability sets.
> If it is enabled then you perform the normal capabilities calculations
> whenever a process is exec()'ed.
There is support in fs/exec.c (prepare_binprm and compute_creds) for what
happens when you exec. There is also cap_emulate_setxuid in kernel/sys.c
that controls what happens when you setreuid and family.
> Is this the plan Linus?
> Capabilities checks should apply to all programs and processes not just
> setuid root ones, or ones run by root. That's the whole point of the
> principle of least privilege, to obsolete the setuid bit and the all
> powerful root user.
Yes, and it's being done. Could you check some of the changes in
prepare_binprm etc. and see if they are to your liking?

--
Any caps I mention are *derived* from a withdrawn draft posix document.
See http://www.millenniumproductsllc.com/sjp/ for more info.

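As an added example, not code from this email, from the kernel's fs/exec.c or from the withdrawn POSIX draft, the following user-space C model shows the two things the thread is about: replacing a `uid == 0` test with a capability test, and the credential calculation performed at exec() time (what compute_creds does), including the effect of SECURE_NOROOT. The capability bit names, the bounding set `cap_bset`, and the exact root-emulation rule are assumptions chosen for illustration; the arithmetic follows the draft's form pP' = (fP & X) | (fI & pI), pI' = pI, pE' = pP' & fE, where X is the bounding set.

```c
/* Added example: user-space model of exec-time capability computation.
 * Not the kernel's code; names and the root-emulation rule are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

typedef uint32_t cap_t;                 /* one bit per capability */

/* Hypothetical capability bits for the demonstration. */
#define CAP_CHOWN     (1u << 0)
#define CAP_NET_ADMIN (1u << 1)
#define CAP_SYS_ADMIN (1u << 2)
#define CAP_ALL       (CAP_CHOWN | CAP_NET_ADMIN | CAP_SYS_ADMIN)
#define CAP_NONE      0u

/* Used for both the process sets (pP, pI, pE) and the file sets (fP, fI, fE). */
struct caps { cap_t permitted, inheritable, effective; };

/* Secure bit from the thread: when set, uid 0 gets no special treatment and
 * only the capability arithmetic decides what a process ends up with. */
struct securebits { bool noroot; };

/* Bounding set X: the most any process can ever obtain through exec. */
static const cap_t cap_bset = CAP_ALL;

/* The check that replaces "if (current->euid == 0)" in a kernel path. */
bool capable(const struct caps *p, cap_t c) { return (p->effective & c) == c; }

/* Old-style check beside its capability-based replacement. */
bool may_set_hostname_uid0(uid_t euid) { return euid == 0; }
bool may_set_hostname_cap(const struct caps *p) { return capable(p, CAP_SYS_ADMIN); }

/* Model of what happens at exec: p = caller's sets, uid = caller's uid,
 * f = sets read from the file, new_euid = euid after a possible setuid bit. */
struct caps compute_creds(struct caps p, uid_t uid, struct caps f,
                          uid_t new_euid, struct securebits sec)
{
    struct caps n;
    n.permitted   = (f.permitted & cap_bset) | (f.inheritable & p.inheritable); /* pP' */
    n.inheritable = p.inheritable;                                              /* pI' */

    /* Root emulation ("dummying up" the sets): unless SECURE_NOROOT is set, a
     * uid-0 caller or a uid-0 target gets everything permitted, and a uid-0
     * target gets everything effective as well.  Assumed rule, for illustration. */
    if (!sec.noroot) {
        if (uid == 0 || new_euid == 0) n.permitted = CAP_ALL;
        if (new_euid == 0)             f.effective = CAP_ALL;
    }
    n.effective = n.permitted & f.effective;                                    /* pE' */
    return n;
}

int main(void)
{
    struct caps none = { CAP_NONE, CAP_NONE, CAP_NONE };
    struct caps fnet = { CAP_NET_ADMIN, CAP_NONE, CAP_NET_ADMIN };
    struct securebits normal = { false }, noroot = { true };
    struct caps r;

    r = compute_creds(none, 0, none, 0, normal);
    printf("root, plain binary, no SECURE_NOROOT: pE'=%#x\n", r.effective);   /* all */
    r = compute_creds(none, 0, none, 0, noroot);
    printf("root, plain binary, SECURE_NOROOT:    pE'=%#x\n", r.effective);   /* none */
    r = compute_creds(none, 1000, fnet, 1000, normal);
    printf("user, file with fP=fE=NET_ADMIN:      pE'=%#x capable(NET_ADMIN)=%d\n",
           r.effective, capable(&r, CAP_NET_ADMIN));
    return 0;
}
```

The third scenario is the point the quoted poster is making: an ordinary user running a file that carries CAP_NET_ADMIN ends up able to pass `capable(&r, CAP_NET_ADMIN)` without ever being uid 0, while with SECURE_NOROOT set even uid 0 gets nothing that the file and the inheritable sets do not grant.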