
Fedora to (try to) remove setuid files for F15

Posted Oct 29, 2010 13:21 UTC (Fri) by nelhage (subscriber, #59579)
Parent article: Fedora to (try to) remove setuid files for F15

While I appreciate the effort, this seems unlikely to actually help much. There
will still be programs like 'sudo' and 'su' that need CAP_SETUID or similar
permissions that can probably be easily leveraged to gain full privileges. The
right solution is probably to kill both file capabilities and setuid, and to use
something like PolicyKit that sets security policy and grants privileges to
authorized processes, for instance by passing file descriptors over a local
socket.

Honestly, I question whether moving to file capabilities is even an improvement
-- attackers will probably find ways around this, and system administrators are
already familiar with and understand setuid. I don't even know offhand, for
instance, how to check which capabilities a file has.



Fedora to (try to) remove setuid files for F15

Posted Oct 29, 2010 13:22 UTC (Fri) by mattdm (subscriber, #18) [Link] (1 responses)

/usr/sbin/getcap, FWIW.

Fedora to (try to) remove setuid files for F15

Posted Oct 29, 2010 13:23 UTC (Fri) by mattdm (subscriber, #18) [Link]

And colorized ls makes them show up with a red background, similar to suid binaries.
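What `getcap` reads for a file, sketched as an added example (not code from any commenter here or from libcap): file capabilities are stored in the `security.capability` extended attribute, and this decodes that value alongside the setuid/setgid mode bits. It assumes Linux and Python 3; `CAP_NAMES` is a partial table, `decode_vfs_caps` and `audit` are names chosen for illustration, and `SAMPLE` is a constructed xattr value.

```python
import os
import stat
import struct

# Partial table of capability bit numbers from linux/capability.h.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 6: "cap_setgid", 7: "cap_setuid",
             10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}
# Revision (high byte of magic_etc) -> number of 32-bit (permitted, inheritable) pairs.
REVISIONS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
VFS_CAP_REVISION_3 = 0x03000000  # revision 3 appends a 32-bit rootid (user namespaces)
VFS_CAP_FLAGS_EFFECTIVE = 0x000001

def _names(mask):
    # Bits without an entry in the partial table are reported as cap_<number>.
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if (mask >> b) & 1]

def decode_vfs_caps(blob):
    """Decode a raw security.capability value (little-endian vfs_cap_data)."""
    if len(blob) < 4:
        raise ValueError("xattr too short")
    (magic_etc,) = struct.unpack_from("<I", blob, 0)
    rev = magic_etc & 0xFF000000
    if rev not in REVISIONS:
        raise ValueError("unknown revision 0x%08x" % rev)
    want = 4 + 8 * REVISIONS[rev] + (4 if rev == VFS_CAP_REVISION_3 else 0)
    if len(blob) != want:
        raise ValueError("expected %d bytes, got %d" % (want, len(blob)))
    permitted = inheritable = 0
    for i in range(REVISIONS[rev]):
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names(permitted), "inheritable": _names(inheritable)}

def audit(path):
    """Report setuid/setgid bits and decoded file capabilities for one file."""
    mode = os.lstat(path).st_mode
    report = {"setuid": bool(mode & stat.S_ISUID), "setgid": bool(mode & stat.S_ISGID), "caps": None}
    try:
        raw = os.getxattr(path, "security.capability", follow_symlinks=False)
        report["caps"] = decode_vfs_caps(raw)
    except (OSError, AttributeError):
        pass  # no such xattr, filesystem without xattr support, or non-Linux platform
    return report

# Constructed sample: revision 2, effective flag set, permitted = cap_net_raw (bit 13).
SAMPLE = struct.pack("<IIIII", 0x02000000 | 1, 1 << 13, 0, 0, 0)
```

Running `audit` over each file in a package's payload gives one inventory covering both mechanisms; a `caps` of `None` on a filesystem that cannot store xattrs is the case where capabilities would be lost in a migration.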

Fedora to (try to) remove setuid files for F15

Posted Oct 29, 2010 14:06 UTC (Fri) by SEJeff (guest, #51588) [Link] (2 responses)

There are still administrators who couldn't figure out how to remove a file you set immutable with chattr +i to save their life. There are still lots of nix professionals who don't get {set,get}facl when it is actually very easy to learn. At least GNU ls shows these files in red when color mode is enabled or a + on the right hand side of the permissions line for facls. Plenty of people don't understand how to use or tweak their shiny Linux userland to the max. As a Linux professional I would consider myself one that hasn't "learned it all".

That will never stop. However, this is a noteworthy goal. Preventing su / sudo is not the point. Preventing bugs in applications that think they need root and then perhaps drop privs _is the point_. To that end, it is a noble goal and one I look forward to seeing the results of.

Just like how SELinux prevents a lot of stock exploits and worms cold, this is another layer in the security bag-o-tricks.

Fedora to (try to) remove setuid files for F15

Posted Oct 30, 2010 21:00 UTC (Sat) by jcm (subscriber, #18262) [Link] (1 responses)

I'm more concerned that file capabilities work on all filesystems you might be using and that existing capability is preserved in the migration. I know that new things come along all the time, but I'm not in favor of "change for the sake of change". I'm in favor of "change that fixes a real problem". In my mind, I think we have other bigger problems (like update policy).

Fedora to (try to) remove setuid files for F15

Posted Oct 30, 2010 21:18 UTC (Sat) by mjg59 (subscriber, #23239) [Link]

Update policy is entirely orthogonal to this. Why should we prevent people working on other things to make Fedora better just because we haven't finished the process of developing our update policy?

Fedora to (try to) remove setuid files for F15

Posted Oct 30, 2010 8:17 UTC (Sat) by marcH (subscriber, #57642) [Link]

> While I appreciate the effort, this seems unlikely to actually help much. There will still be programs like 'sudo' and 'su' that need CAP_SETUID or similar permissions that can probably be easily leveraged to gain full privileges.

See answer here:

http://lwn.net/Articles/412395/

