Date: Tue, 12 May 2020 02:45:24 -0700
From: Vito Caputo
To: linux-kernel
Subject: Question regarding blocking set[ug]id on processes including via suid executables
Message-ID: <20200512094524.662gnls64rwjhct2@shells.gnugeneration.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello folks,

I'm curious if someone knows a way to do this using existing Linux interfaces.

I'd like to create a login lacking the ability to switch uid/gid. Even if the process has access to suid executables like /bin/su, and the user has the root password, I'd like the descendant processes of their login to be simply incapable of changing uid/gid, even when it's in the form of running a program with the suid bit set on an existing and accessible executable in the filesystem. No matter what, it just can't happen.

Do we have any such thing today?

I'd really like to be able to set this on a specific user, so that all logins of that user are simply stuck on that uid no matter what.

Thanks in advance,
Vito Caputo
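The following is an added example, not code from Vito's post or from any reply on the thread. It shows the two existing Linux interfaces that together give the behaviour asked about: `prctl(PR_SET_NO_NEW_PRIVS)`, which stops `execve()` of set-uid, set-gid or file-capability binaries from granting any privilege (so `/bin/su` runs as the caller and cannot switch users even with the correct root password), and a seccomp-BPF filter that makes the `set*uid`/`set*gid` syscall family fail with `EPERM`, which covers a process that already holds `CAP_SETUID`/`CAP_SETGID`. Both settings are inherited across `fork()` and survive `execve()`, so a wrapper that applies them and then execs the real shell pins every descendant of that login. The wrapper name `locked-sh`, the idea of installing it as the restricted user's login shell, and the `build_setid_filter`/`lock_setid`/`probe_setuid` function names are assumptions for this example, not an existing tool or kernel API.

```c
/* locked-sh: pin the calling process (and all descendants) to its current uid/gid.
 * Added example, not from the original post. Build: cc -O2 -Wall -o locked-sh locked-sh.c
 * Usage:  ./locked-sh /bin/sh   then try 'su' or 'sudo' inside the shell. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL   /* pre-4.14 headers */
#endif

/* Syscall numbers differ per architecture, so the filter also pins the arch. */
#if defined(__x86_64__)
#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Every syscall that changes credentials. The *32 variants exist only on 32-bit x86. */
static const int blocked_syscalls[] = {
    SYS_setuid, SYS_setgid, SYS_setreuid, SYS_setregid,
    SYS_setresuid, SYS_setresgid, SYS_setfsuid, SYS_setfsgid,
#ifdef SYS_setuid32
    SYS_setuid32, SYS_setgid32, SYS_setreuid32, SYS_setregid32,
    SYS_setresuid32, SYS_setresgid32, SYS_setfsuid32, SYS_setfsgid32,
#endif
};
#define NBLOCKED (sizeof blocked_syscalls / sizeof blocked_syscalls[0])

/* Write a classic-BPF seccomp program into `prog` (needs NBLOCKED + 6 slots):
 * kill on a foreign arch, EPERM for the blocked syscalls, allow everything else.
 * Returns the instruction count, or 0 if `cap` is too small. */
size_t build_setid_filter(struct sock_filter *prog, size_t cap)
{
    size_t n = 0;
    if (cap < NBLOCKED + 6)
        return 0;
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, arch));
    prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_AUDIT_ARCH, 1, 0);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < NBLOCKED; i++) {
        /* jt skips the remaining compares and the ALLOW, landing on the EPERM return */
        unsigned char jt = (unsigned char)(NBLOCKED - i);
        prog[n++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                 (unsigned int)blocked_syscalls[i], jt, 0);
    }
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    prog[n++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                             SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    return n;
}

/* Set no_new_privs (which also lets an unprivileged process install a filter),
 * then install the filter. Returns 0 on success, -1 with errno set. */
int lock_setid(void)
{
    struct sock_filter insns[NBLOCKED + 6];
    size_t n = build_setid_filter(insns, NBLOCKED + 6);
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = insns };

    if (n == 0) { errno = EINVAL; return -1; }
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

/* 1 if no_new_privs is set on the caller, 0 if not, -1 on error. */
int no_new_privs_set(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Probe: setuid() to the uid we already have. Normally a successful no-op (returns 0);
 * once the lock is in place it returns the errno the filter injected (EPERM). */
int probe_setuid(void)
{
    errno = 0;
    if (setuid(getuid()) == 0)
        return 0;
    return errno;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s program [args...]\n", argv[0]); return 2; }
    if (lock_setid() != 0) { perror("lock_setid"); return 1; }
    execvp(argv[1], &argv[1]);   /* the child shell and everything it runs stay pinned */
    perror("execvp");
    return 1;
}
```

Two caveats a practitioner would want. First, this pins credentials only: a set-uid binary still runs, it just runs as the caller and then fails at its own `setuid()`, so `su` and `sudo` report an error instead of prompting, and nothing else about the process is sandboxed. Second, the block answers "can a process tree be made incapable of changing uid/gid"; applying it to a specific user still needs a hook at login time, and the simplest one (an assumption here, not something the kernel provides) is to make this wrapper, execing that user's real shell, the user's login shell in /etc/passwd. Multi-threaded callers should add `SECCOMP_FILTER_FLAG_TSYNC` via the `seccomp(2)` syscall so every thread gets the filter.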