From: Rogier Wolff <R.E.Wolff@BitWizard.nl>
To: "Theodore Ts'o" <tytso@mit.edu>,
	Andreas Gruenbacher <agruen@suse.de>,
	Olaf Dietsche <olaf.dietsche#list.linux-kernel@t-online.de>,
	linux-kernel@vger.kernel.org
Subject: Re: Posix capabilities
Date: Fri, 18 Oct 2002 18:13:56 +0200
Message-ID: <20021018181356.A1664@bitwizard.nl>
In-Reply-To: <20021017121213.GA13573@think.thunk.org>

On Thu, Oct 17, 2002 at 08:12:13AM -0400, Theodore Ts'o wrote:
> On Thu, Oct 17, 2002 at 01:02:25PM +0200, Andreas Gruenbacher wrote:
> > Filesystem capabilities move complexity out of applications into the
> > file system (=system configuration), so the admins have to deal with
> > an additional task.
> > 
> > From a security point of view suid root applications that are
> > dropping capabilities voluntarily aren't much different from plain
> > old suid root apps; there may still be exploitable bugs before the
> > code that drops capabilities (which doesn't mean that apps shouldn't
> > drop capabilities). With capabilities the kernel ensures that
> > applications cannot exceed their capabilities.
> 
> If developers drop capabilities they don't need as the very first
> thing that the program does --- i.e., the first statement in main()
> --- then it's done once, and it's no longer a configuration issue.

I'm a C-programmer. I've looked at C++ a long time ago. 

Turns out that my system also supports C++. I still don't care. 

Turns out that C++ specifies that some code should be run before main
starts. 

It seems that if I happen to link with a library that uses C++
internally, some code in that library can get run before my first
statement in main.  Suddenly it IS my problem. 

NOT GOOD. 

If capabilities are correctly implemented, having "all" capabilities
will mean that it's equivalent to "setuid-root". Nothing worse than
what we have now. I can currently decide to take the setuid-ness of
mount away. I can currently decide to install a setuid bit on "lilo".
That is the flexibility of having it in the filesystem.

				Roger. 

-- 
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2600998 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* The Worlds Ecosystem is a stable system. Stable systems may experience *
* excursions from the stable situation. We are currently in such an      *
* excursion: The stable situation does not include humans. ***************
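The ordering problem Rogier describes, as an added example (not code from the thread): a GCC/Clang `__attribute__((constructor))` function stands in for the C++ static initialisation a linked library may carry, and `setuid(getuid())` stands in for the "first statement in main()" privilege drop (both are assumptions of this example, not anything the thread specifies). The constructor records whether it ran while the drop had not yet happened.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Execution trace, filled in the order things actually ran (constructed). */
static const char *trace[8];
static int trace_len;
/* Set by drop_privileges(); the constructor reads it before main() starts. */
static int privileges_dropped;
/* Did pre-main code observe the process with privileges still intact? */
static int ctor_saw_privileged;

static void record(const char *what) {
    if (trace_len < 8) trace[trace_len++] = what;
}

/* Stand-in for a library's C++ static constructors: the toolchain runs
 * constructor functions before main() is entered, so nothing main() does
 * "first" can precede this code. */
__attribute__((constructor))
static void library_init(void) {
    record("library_init");
    ctor_saw_privileged = !privileges_dropped;
}

/* The "first statement in main()" drop under discussion. A real setuid-root
 * program would also clear capabilities; setuid(getuid()) is used here as the
 * classic drop and succeeds whether or not the process is actually root. */
int drop_privileges(void) {
    uid_t real = getuid();
    if (setuid(real) != 0) return -1;
    if (geteuid() != real) return -1;   /* always verify the drop took effect */
    privileges_dropped = 1;
    record("drop_privileges");
    return 0;
}

int code_ran_before_drop(void) { return ctor_saw_privileged; }
int trace_count(void) { return trace_len; }
const char *trace_at(int i) { return (i >= 0 && i < trace_len) ? trace[i] : ""; }

int main(void) {
    drop_privileges();   /* the very first thing main() does */
    for (int i = 0; i < trace_len; i++) printf("%d: %s\n", i, trace[i]);
    printf("pre-main code ran while still privileged: %s\n",
           ctor_saw_privileged ? "yes" : "no");
    return 0;
}
```

Linking a library whose own constructors run here is exactly the case where filesystem capabilities (or an outer bounding set) limit what that early code can do, while an in-main drop cannot.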
