| |||||||||||||
A bid to resurrect Linux capabilitiesA bid to resurrect Linux capabilitiesPosted Sep 14, 2006 19:18 UTC (Thu) by giraffedata (subscriber, #1954)Parent article: A bid to resurrect Linux capabilities
I've always wondered why the security conscious world hasn't paid more attention to using Linux capabilities. People go to great lengths to change UID and re-exec things and create setuid helper programs and such to reduce the amount of code that has privilege, but Linux capabiities do the same thing (by design, that is) and get ignored. I liked the idea so much for protecting my own systems that I made a few small fixes to Linux 2.4 years ago to make capabilities work, wrote the missing administration tools for them, and have used them extensively. Hardly anything runs as superuser on my systems. For the missing setuid function (attaching capabilities to files), I used an idea that was posted in a comment to an LWN article on the topic a few years ago: Rather than mess with exec and filesystem code, I wrote a simple executable interpreter (those are modular in Linux; the ELF interpreter is one example). Execing a privilege-raising program is two steps: user execs a setuid file which is in "capx" format, and that file sets proper capabilities then execs the regular non-setuid ELF file. It will be nice to have a clean, working implementation in mainstream Linux, but I wonder if anyone will use it, since they haven't cared so far. I'm the only person I've ever known to use capabilities.
(Log in to post comments)
A bid to resurrect Linux capabilities Posted Sep 15, 2006 9:27 UTC (Fri) by jbailey (subscriber, #16890) [Link] I suspect yes. The problem in that scenario is that you still have to go to full priviledges first. So while the attack vector is very small and unlikely, it's not non-existant.
If we had fullsystem-based priviledge raises beyond just SUID/SGID, I suspect it would be taken up quite quickly by distros.
Tks,
|
|||||||||||||