Re: Utilities don't take into account capabilities

[Mike Frysinger <vapier@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 1560 bytes --]

On Sat 16 Aug 2014 21:57:56 Steven Stewart-Gallus wrote:
> The utilities such as mount don't take into account capabilities and always
> fail for non root users which is wrong.
> 
> This is really, really, really annoying when working in a sandboxed non root
> shell with pseudo capabilities.
> 
> One possible solution to my problem is do some complicated checking for
> capabilities that I don't even know how would work. I believe a better and
> simpler approach that would work for possible future extensions as well
> would be to simply drop privileges whenever one is unprivileged and attempt
> to do the task as normally. If you felt like it, a warning along the lines
> of "warning: user is unprivileged, attempting mount without privileges"
> could be made. As a bonus, failed system calls can sometimes leave
> important diagnostic information in the dmesg.

guessing the sandbox isn't really meant for security purposes since 
CAP_SYS_ADMIN can easily be used to recover just about every other capability.
	http://lwn.net/Articles/486306/

especially considering access to mount means you're allowed to mount arbitrary 
filesystems w/arbitrary content including set*id progs.

so what exactly is the point of trying to support CAP_SYS_ADMIN ?

note: i'm not arguing about whether the current UID checks in `mount` are even 
useful ... it'd make the code simpler to just assume the privs exist, else 
it'll get errors from the respective syscalls and the user of a misconfigured 
system can deal with it themselves.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]