POSIX file capabilities are now implemented in linux-2.6.24. Basically, file attributes can be used to give programs root's capabilities. Before, we only had capabilities for processes. File capabilities are much easier to implement. This is like partial suid-root, and is a bit better than dropping root or using access controls on root, because full root power is never activated. Access controls can still be used in conjunction. All of this prevents privilege escalation.
After installing the Attr package, PAM, libcaps-2, and rebooting linux-2.6.24 with the CONFIG_SECURITY_CAPABILITIES, CONFIG_SECURITY_FILE_CAPABILITIES, CONFIG_EXT2_FS_POSIX_ACL and CONFIG_EXT2_FS_SECURITY kernel options (there are similar options for ext3 and reiserfs), and then following http://www.friedhoff.org/fscaps.html#Ping, I got /bin/ping working without suid-root. It's very straightforward to set up on an existing system. The caps module is now built into the kernel (non-optional) for filesystem support to work dependably. We can use this with any program that runs as root, like klogd, etc., to give it the least possible capabilities. Comments? robert
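The ping case above, as an added example that is not from the original post: a small POSIX sh script that strips suid-root from a binary and grants one file capability in its place, plus a decoder for the CapEff mask in /proc/<pid>/status so you can confirm what the process actually holds afterwards. It assumes libcap's setcap/getcap and GNU stat are installed; the binary path and capability name are placeholders.

```shell
#!/bin/sh
# Added example (not part of the original post). Assumes libcap's setcap/getcap
# and GNU coreutils stat; /bin/ping and cap_net_raw below are placeholders.

# Capability names indexed by kernel bit number, bits 0..31 as of linux-2.6.24.
# Bits above 31 (added in later kernels) are ignored by the decoder.
CAP_NAMES="cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid
cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable
cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock
cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace
cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource
cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write
cap_audit_control cap_setfcap"

# Decode a hex mask such as the CapEff line of /proc/<pid>/status into a
# comma-separated list of capability names (empty string for an empty set).
decode_cap_mask() {
  mask=$((0x$1))
  i=0
  out=""
  for name in $CAP_NAMES; do
    if [ $(( (mask >> i) & 1 )) -eq 1 ]; then
      out="${out:+$out,}$name"
    fi
    i=$((i + 1))
  done
  printf '%s\n' "$out"
}

# Succeed (exit 0) if the file is set-uid and owned by root.
is_suid_root() {
  [ -u "$1" ] && [ "$(stat -c %u "$1")" = 0 ]
}

# Replace suid-root with a single file capability in the effective and
# permitted sets; ping only needs cap_net_raw for its ICMP socket.
# Requires root and a filesystem mounted with xattr/security support.
replace_suid_with_cap() {
  chmod u-s "$1" && setcap "$2+ep" "$1" && getcap "$1"
}

# Usage: replace_suid_with_cap /bin/ping cap_net_raw
# Then, from a shell running ping: decode_cap_mask "$(awk '/^CapEff/{print $2}' /proc/<pid>/status)"
```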
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
