LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: disable-cap-mlock

[Posted April 6, 2004 by corbet]

From:  William Lee Irwin III <wli-AT-holomorphy.com>
To:  Stephen Smalley <sds-AT-epoch.ncsc.mil>, Andrea Arcangeli <andrea-AT-suse.de>, Andrew Morton <akpm-AT-osdl.org>, lkml <linux-kernel-AT-vger.kernel.org>, kenneth.w.chen-AT-intel.com, Chris Wright <chrisw-AT-osdl.org>
Subject:  Re: disable-cap-mlock
Date:  Thu, 1 Apr 2004 09:51:14 -0800

On Thu, Apr 01, 2004 at 12:37:51PM -0500, Stephen Smalley wrote:
>> What prevents any uid 0 process from changing these sysctl settings
>> (aside from SELinux, if you happen to use it and configure the policy
>> accordingly)?

On Thu, Apr 01, 2004 at 09:44:05AM -0800, William Lee Irwin III wrote:
> I'm aware it does some very unintelligent things to the security model,
> e.g. anyone with fs-level access to these things can basically escalate
> their capabilities to "everything". Maybe some kind of big fat warning
> is in order.


Index: mm4-2.6.5-rc3/security/Kconfig
===================================================================
--- mm4-2.6.5-rc3.orig/security/Kconfig	2004-04-01 07:38:49.000000000 -0800
+++ mm4-2.6.5-rc3/security/Kconfig	2004-04-01 09:49:43.000000000 -0800
@@ -49,6 +49,13 @@
 	depends on SECURITY!=n
 	help
 	  This allows you to disable capabilities with sysctls.
+	  It effectively breaks the kernel's security model so that
+	  any user with fs-level access to /proc/sys/capability/*
+	  can escalate their privileges to "able to do anything",
+	  but some users have special-case needs for these things.
+	  Don't use this on any system with untrusted local users.
+	  It's probably best to firewall the living daylights out
+	  of anything using this also.
 
 source security/selinux/Kconfig
 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
(Log in to post comments)

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds