In order for a program to get superuser privileges it must already have superuser privileges. The alternative is to break apps up into two parts -- the frontend and the secured backend -- but that is neither practical for many projects nor actually a complete solution. If _any_ part of the program runs setuid then there is an opportunity for exploit. If _no_ part of it runs as setuid, then there essentially is no opportunity.
That is what capabilities are for. Give the program only what it needs and nothing else. You can take it a step further and split the program into frontend and backend pieces and give only the backend piece the capability necessary, too.
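As an added illustration of "give the program only what it needs" on Linux (example code, not from this thread; the function names, the keep list and the fallback value for CAP_LAST_CAP are my assumptions): the thread is cut down to one capability, everything else is removed from the bounding set, and no_new_privs stops a later execve of a setuid or file-capability binary from handing anything back. It goes through the raw capget/capset system calls so it needs no libcap. Run it as root to watch the sets shrink; run it unprivileged and it simply ends with empty sets.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef CAP_LAST_CAP
#define CAP_LAST_CAP 40          /* fallback for old kernel headers (assumption) */
#endif
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif

/* Raw capget/capset in the v3 layout (two 32-bit words per set); no libcap needed. */
typedef struct __user_cap_data_struct capdata_t[2];

static int get_caps(capdata_t d) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    memset(d, 0, sizeof(capdata_t));
    return (int)syscall(SYS_capget, &h, d);
}

static int set_caps(capdata_t d) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capset, &h, d);
}

static uint64_t join64(uint32_t lo, uint32_t hi) { return ((uint64_t)hi << 32) | lo; }

/* Effective capabilities of the calling thread as a bit mask (bit n = CAP_n). */
uint64_t effective_caps(void) {
    capdata_t d;
    if (get_caps(d) != 0) return 0;
    return join64(d[0].effective, d[1].effective);
}

int has_cap(int cap) { return (int)((effective_caps() >> cap) & 1); }

/* Leave the thread with the capabilities listed in `keep` and nothing else.
   Returns 0 on success, -1 with errno set otherwise. */
int keep_only(const int *keep, size_t n) {
    uint64_t want = 0;
    for (size_t i = 0; i < n; i++) want |= (uint64_t)1 << keep[i];

    /* 1. Bounding set: nothing outside `want` can come back through file capabilities.
          Needs CAP_SETPCAP, so do this while still privileged. EPERM is tolerated
          because an unprivileged caller cannot hold CAP_SETPCAP; EINVAL because the
          headers may list capabilities newer than the running kernel. */
    for (int cap = 0; cap <= CAP_LAST_CAP; cap++) {
        if (want & ((uint64_t)1 << cap)) continue;
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0 && errno != EPERM && errno != EINVAL)
            return -1;
    }

    /* 2. Permitted and effective shrink to (want & permitted); inheritable is cleared. */
    capdata_t d;
    if (get_caps(d) != 0) return -1;
    uint64_t perm = join64(d[0].permitted, d[1].permitted) & want;
    d[0].permitted = d[0].effective = (uint32_t)perm;
    d[1].permitted = d[1].effective = (uint32_t)(perm >> 32);
    d[0].inheritable = d[1].inheritable = 0;
    if (set_caps(d) != 0) return -1;

    /* 3. no_new_privs: execve of a setuid or file-capability binary grants nothing. */
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

int main(void) {
    int keep[] = { CAP_NET_BIND_SERVICE };
    printf("before: effective=%#llx\n", (unsigned long long)effective_caps());
    if (keep_only(keep, 1) != 0) { perror("keep_only"); return 1; }
    printf("after:  effective=%#llx (CAP_SYS_ADMIN=%d)\n",
           (unsigned long long)effective_caps(), has_cap(CAP_SYS_ADMIN));
    return 0;
}
```

The order matters: the bounding-set drop has to happen while CAP_SETPCAP is still in the effective set, which is why it comes before the capset that throws CAP_SETPCAP away.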
Posted Jan 8, 2009 14:34 UTC (Thu) by kilpatds (subscriber, #29339)
It's not that hard to do: I've even got a library (PrivMan) to help. But it's still a good idea: it's usually a good idea to reduce the lines of code you have to audit/trust, and a good idea to replace less audited code with more audited code.
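The frontend/backend split mentioned in both comments above, as an added example (my own code, not PrivMan's API and not from either commenter; the request format, the directory-only policy and the function names are assumptions): the backend is forked while the process still holds its privilege, answers open requests only for relative paths under one directory, and hands the resulting descriptor back over a SOCK_SEQPACKET socketpair with SCM_RIGHTS. The frontend never needs the privilege itself, so only the few lines of the backend loop have to be audited.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Request: opcode + path relative to the backend's root. Reply: an int, 0 = fd attached, else errno. */
#define OP_OPEN_RO 1
struct priv_req { int op; char path[256]; };

/* Backend policy: relative paths only, no empty and no ".." components. */
static int path_allowed(const char *p) {
    if (p[0] == '\0' || p[0] == '/') return 0;
    for (const char *s = p; *s; ) {
        const char *e = strchr(s, '/');
        size_t len = e ? (size_t)(e - s) : strlen(s);
        if (len == 0 || (len == 2 && s[0] == '.' && s[1] == '.')) return 0;
        s += len + (e ? 1 : 0);
    }
    return 1;
}
static int send_reply(int sock, int status, int fd) {
    struct iovec iov = { &status, sizeof status };
    char cbuf[CMSG_SPACE(sizeof(int))] = { 0 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (fd >= 0) {                              /* attach the descriptor via SCM_RIGHTS */
        msg.msg_control = cbuf; msg.msg_controllen = sizeof cbuf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) == (ssize_t)sizeof status ? 0 : -1;
}

/* Backend loop: the only code that ever acts with privilege, so it stays this small. Caveat:
   openat() still follows symlinks in intermediate components; Linux 5.6+ openat2(RESOLVE_BENEATH) closes that. */
static void backend_loop(int sock, int rootfd) {
    struct priv_req req;
    while (recv(sock, &req, sizeof req, 0) == (ssize_t)sizeof req) {
        int status = 0, fd = -1;
        req.path[sizeof req.path - 1] = '\0';
        if (req.op != OP_OPEN_RO)         status = EINVAL;
        else if (!path_allowed(req.path)) status = EACCES;
        else if ((fd = openat(rootfd, req.path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) < 0)
            status = errno;
        send_reply(sock, status, fd);
        if (fd >= 0) close(fd);
    }
}

/* Fork the backend while still privileged; the caller drops its own privilege (setresuid/capset) right after. */
int priv_start(const char *root) {
    int sv[2], rootfd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (rootfd < 0 || socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) { close(sv[0]); backend_loop(sv[1], rootfd); _exit(0); }
    close(sv[1]); close(rootfd);
    if (pid < 0) { close(sv[0]); return -1; }
    return sv[0];
}

/* Frontend: ask for a read-only fd on `relpath`; returns -1 with errno set on refusal. */
int priv_open_ro(int sock, const char *relpath) {
    struct priv_req req = { .op = OP_OPEN_RO };
    int status = EIO, fd = -1;
    struct iovec iov = { &status, sizeof status };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (strlen(relpath) >= sizeof req.path) { errno = ENAMETOOLONG; return -1; }
    strcpy(req.path, relpath);
    if (send(sock, &req, sizeof req, 0) != (ssize_t)sizeof req) return -1;
    if (recvmsg(sock, &msg, 0) != (ssize_t)sizeof status) { errno = EIO; return -1; }
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (status == 0 && c && c->cmsg_type == SCM_RIGHTS) memcpy(&fd, CMSG_DATA(c), sizeof fd);
    if (fd < 0) errno = status ? status : EIO;
    return fd;
}

/* Self-check on a constructed temp directory: one allowed open, two refusals; 0 = all good, else the failing step. */
int demo_privsep(void) {
    char dir[] = "/tmp/privsep.XXXXXX", file[300], buf[16] = { 0 };
    if (!mkdtemp(dir)) return 1;
    snprintf(file, sizeof file, "%s/note.txt", dir);
    FILE *f = fopen(file, "w");
    if (!f || fputs("hello\n", f) < 0 || fclose(f) != 0) return 2;
    int sock = priv_start(dir);
    if (sock < 0) return 3;
    int fd = priv_open_ro(sock, "note.txt");
    if (fd < 0 || read(fd, buf, sizeof buf - 1) != 6 || strcmp(buf, "hello\n") != 0) return 4;
    close(fd);
    if (priv_open_ro(sock, "../../etc/passwd") != -1 || errno != EACCES) return 5;
    if (priv_open_ro(sock, "/etc/passwd") != -1 || errno != EACCES) return 6;
    close(sock); unlink(file); rmdir(dir);
    return 0;
}
int main(void) { int r = demo_privsep(); printf("privsep demo: %s\n", r ? "FAILED" : "ok"); return r; }
```

The request is a fixed-size struct on a datagram-style socket on purpose: the backend never parses a variable-length stream, and the policy check is a handful of lines that can be read in full. Closing the frontend's socket is what makes the backend exit.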