The capabilities-based solution

Posted Jan 14, 2005 17:05 UTC (Fri) by giraffedata (subscriber, #1954)
Parent article: Merging the realtime security module

A more comprehensive solution would be to make capabilities work properly

As a promoter of capabilities, I'd like to expand on this.

The proper Linux alternative to hardcoding certain capabilities to a certain group ID in the kernel is a "setcap" program. That's the equivalent of a classic setuid program in a classic system where privileges are attached to uid (to wit, uid 0). The setcap program has capabilities attached to it. Any process that executes that program gets those capabilities. So you'd just install one of these and give execute permission to the group ID of your choice.

I have this running on my systems, with a few lines of change to the base kernel and a program interpreter loadable module. I feel a lot safer with virtually no "superuser" processes.

But I agree with the article that there seems to be little interest in fine-grained capabilities, and little hope that a usable capability system will show up in a mainstream Linux kernel in the foreseeable future.
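Added example (the editor's, not code from the comment author or from LWN): a minimal "setcap program" in the sense described above, built for the use case of the parent article, handing out realtime scheduling to a group. Mainline Linux did eventually grow file capabilities (2.6.24, managed with setcap(8) from libcap), so the wrapper below is what that design looks like today: the binary carries CAP_SYS_NICE, only the chosen group may execute it, and the program confirms it actually received the capability before relying on it, since file capabilities are silently ignored on nosuid mounts and are lost when the binary is copied without its xattr. After the one privileged call it clears all three capability sets so nothing that runs afterwards inherits the privilege. The binary name rtwrap, the group name realtime and the priority 10 are assumptions; the raw capget/capset structures are declared inline so the example needs no libcap headers. Linux only.

```c
/*
 * rtwrap.c: editor's example, not part of the original comment.
 * Build and install (names are assumptions for illustration):
 *   cc -O2 -o rtwrap rtwrap.c
 *   sudo setcap cap_sys_nice=ep ./rtwrap
 *   sudo chgrp realtime ./rtwrap && sudo chmod 0750 ./rtwrap
 */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CAP_SYS_NICE 23                    /* bit number from <linux/capability.h> */
#define LINUX_CAPABILITY_VERSION_3 0x20080522

/* Raw capget/capset ABI (two 32-bit words per set), declared here so the
 * example needs no libcap. */
struct cap_hdr  { uint32_t version; int pid; };
struct cap_data { uint32_t effective, permitted, inheritable; };

/* Parse one line of /proc/<pid>/status.  If it is the requested field
 * ("CapEff", "CapPrm", ...) store its 64-bit hex mask in *mask and return 0;
 * otherwise return -1 and leave *mask untouched. */
static int parse_cap_line(const char *line, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    if (strncmp(line, field, n) != 0 || line[n] != ':')
        return -1;
    const char *p = line + n + 1;
    while (*p == ' ' || *p == '\t')
        p++;
    char *end;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 16);
    if (end == p || errno != 0)
        return -1;
    *mask = (uint64_t)v;
    return 0;
}

/* 1 if capability number cap is present in mask, else 0. */
static int cap_in_mask(uint64_t mask, int cap)
{
    return (cap >= 0 && cap < 64) ? (int)((mask >> cap) & 1) : 0;
}

/* Read one capability set of the calling process from /proc/self/status.
 * Returns 0 on success, -1 if /proc is unavailable or the field is missing. */
static int read_self_capset(const char *field, uint64_t *mask)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char line[256];
    int rc = -1;
    while (fgets(line, sizeof line, f))
        if (parse_cap_line(line, field, mask) == 0) { rc = 0; break; }
    fclose(f);
    return rc;
}

/* Drop every capability: effective, permitted and inheritable.  Once the
 * permitted set is empty the privilege cannot be re-raised by this process.
 * Returns 0 on success, -1 with errno set. */
static int drop_all_caps(void)
{
    struct cap_hdr hdr = { LINUX_CAPABILITY_VERSION_3, 0 };
    struct cap_data data[2];
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    memset(data, 0, sizeof data);
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -1;
}

int main(void)
{
    uint64_t eff;
    if (read_self_capset("CapEff", &eff) != 0) {
        fprintf(stderr, "cannot read /proc/self/status\n");
        return 1;
    }
    /* Do not assume the file capability took effect: check the live set. */
    if (!cap_in_mask(eff, CAP_SYS_NICE)) {
        fprintf(stderr, "CAP_SYS_NICE not in effective set "
                        "(nosuid mount, or file capability missing?)\n");
        return 1;
    }
    struct sched_param sp = { .sched_priority = 10 };  /* assumed priority */
    if (sched_setscheduler(0, SCHED_FIFO, &sp) != 0) {
        perror("sched_setscheduler");
        return 1;
    }
    /* The privilege has done its one job; shed it before anything else runs. */
    if (drop_all_caps() != 0) {
        perror("capset");
        return 1;
    }
    printf("running SCHED_FIFO with an empty capability set\n");
    return 0;
}
```

The group-based access control lives entirely in the file mode (chgrp plus 0750), which is the point of the comment: the kernel no longer needs to know which group ID is special, and the program itself only ever holds the one capability it needs and only for as long as it needs it.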


The capabilities-based solution

Posted Jan 17, 2005 23:17 UTC (Mon) by Ross (subscriber, #4065)

One thing I have often wanted is capability flags for permissions that aren't traditionally reserved for root. Things like opening sockets, creating files, executing programs, running ptrace, forking, etc. I've often wanted to take _away_ those capabilities, but there really isn't a way to do so...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds