From: Chris Wright <chris@wirex.com>
To: Dax Kelson <dax@gurulabs.com>
Cc: Chris Wright <chris@wirex.com>,
Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil>,
Michael Kerrisk <m.kerrisk@gmx.net>,
linux-kernel@vger.kernel.org
Subject: Re: Status of capabilities?
Date: Sat, 6 Jul 2002 13:56:54 -0700 [thread overview]
Message-ID: <20020706135654.A25414@figure1.int.wirex.com> (raw)
In-Reply-To: <1025218353.3997.33.camel@mentor>; from dax@gurulabs.com on Thu, Jun 27, 2002 at 04:52:33PM -0600
* Dax Kelson (dax@gurulabs.com) wrote:
> On Thu, 2002-06-27 at 14:54, Chris Wright wrote:
> > * Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil) wrote:
> > >
> > > Actually, I think most of that work has already been done by the Linux
> > > Security Module project (well, except #7).
> >
> > The LSM project supports capabilities exactly as it appears in the
> > kernel right now. The EA linkage is still missing. Of course, we are
> > accepting patches ;-)
>
> Has either lscap or chcap been written? I suppose not as that would
> require a consensus on how capabilities would be stored as a EA.
You might take a look at the linux-privs stuff. I believe it's pretty
out of date, but you can see where things left off. Specifically, the
fcap parts.
>
> That EA would need to be "special" and only be changeable by uid 0 (or
> CAP_CHFSCAP).
Actually, that would be CAP_SETFCAP as defined by the standard.
> So, has any of the below changed now that LSM has entered the picture?
No. The EA bits are the important part.
> 1. Define how capabilities will be stored as a EA
> 2. Teach fs/exec.c to use the capabilities stored with the file
> 3. Write lscap(1)
> 4. Write chcap(1)
> 5. Audit/fix all SUID root binaries to be capabilities aware
> 6. Set appropriate capabilities with for each with chcap(1) and then:
> # find / -type f -perm -4000 -user root -exec chmod u-s {} \;
> 7. Party and snicker in the general direction of that OS with the slogan
> "One remote hole in the default install, in nearly 6 years!"
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
next prev parent reply other threads:[~2002-07-06 20:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-26 12:40 Status of capabilities? Michael Kerrisk
2002-06-27 6:05 ` Dax Kelson
2002-06-27 12:57 ` Jesse Pollard
2002-06-27 20:54 ` Chris Wright
2002-06-27 22:52 ` Dax Kelson
2002-07-06 20:56 ` Chris Wright [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-06-28 13:20 Jesse Pollard
2002-05-10 6:28 Michael Kerrisk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020706135654.A25414@figure1.int.wirex.com \
--to=chris@wirex.com \
--cc=dax@gurulabs.com \
--cc=linux-kernel@vger.kernel.org \
--cc=m.kerrisk@gmx.net \
--cc=pollard@tomcat.admin.navo.hpc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.