From: Chris Wright <chris@wirex.com>
To: Dax Kelson <dax@gurulabs.com>
Cc: Chris Wright <chris@wirex.com>,
Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil>,
Michael Kerrisk <m.kerrisk@gmx.net>,
linux-kernel@vger.kernel.org
Subject: Re: Status of capabilities?
Date: Sat, 6 Jul 2002 13:56:54 -0700 [thread overview]
Message-ID: <20020706135654.A25414@figure1.int.wirex.com> (raw)
In-Reply-To: <1025218353.3997.33.camel@mentor>; from dax@gurulabs.com on Thu, Jun 27, 2002 at 04:52:33PM -0600
* Dax Kelson (dax@gurulabs.com) wrote:
> On Thu, 2002-06-27 at 14:54, Chris Wright wrote:
> > * Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil) wrote:
> > >
> > > Actually, I think most of that work has already been done by the Linux
> > > Security Module project (well, except #7).
> >
> > The LSM project supports capabilities exactly as it appears in the
> > kernel right now. The EA linkage is still missing. Of course, we are
> > accepting patches ;-)
>
> Has either lscap or chcap been written? I suppose not as that would
> require a consensus on how capabilities would be stored as a EA.
You might take a look at the linux-privs stuff. I believe it's pretty
out of date, but you can see where things left off. Specifically, the
fcap parts.
>
> That EA would need to be "special" and only be changeable by uid 0 (or
> CAP_CHFSCAP).
Actually, that would be CAP_SETFCAP as defined by the standard.
> So, has any of the below changed now that LSM has entered the picture?
No. The EA bits are the important part.
> 1. Define how capabilities will be stored as a EA
> 2. Teach fs/exec.c to use the capabilities stored with the file
> 3. Write lscap(1)
> 4. Write chcap(1)
> 5. Audit/fix all SUID root binaries to be capabilities aware
> 6. Set appropriate capabilities with for each with chcap(1) and then:
> # find / -type f -perm -4000 -user root -exec chmod u-s {} \;
> 7. Party and snicker in the general direction of that OS with the slogan
> "One remote hole in the default install, in nearly 6 years!"
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
next prev parent reply other threads:[~2002-07-06 20:55 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-26 12:40 Status of capabilities? Michael Kerrisk
2002-06-27 6:05 ` Dax Kelson
2002-06-27 12:57 ` Jesse Pollard
2002-06-27 20:54 ` Chris Wright
2002-06-27 22:52 ` Dax Kelson
2002-07-06 20:56 ` Chris Wright [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-06-28 13:20 Jesse Pollard
2002-05-10 6:28 Michael Kerrisk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020706135654.A25414@figure1.int.wirex.com \
--to=chris@wirex.com \
--cc=dax@gurulabs.com \
--cc=linux-kernel@vger.kernel.org \
--cc=m.kerrisk@gmx.net \
--cc=pollard@tomcat.admin.navo.hpc.mil \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox