Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 27 Jun 2002 08:57:32 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 27 Jun 2002 08:57:31 -0400 Received: from tomcat.admin.navo.hpc.mil ([204.222.179.33]:14100 "EHLO tomcat.admin.navo.hpc.mil") by vger.kernel.org with ESMTP id ; Thu, 27 Jun 2002 08:57:30 -0400 Date: Thu, 27 Jun 2002 07:57:19 -0500 (CDT) From: Jesse Pollard Message-Id: <200206271257.HAA61267@tomcat.admin.navo.hpc.mil> To: dax@gurulabs.com, Michael Kerrisk Subject: Re: Status of capabilities? In-Reply-To: <1025157926.1652.35.camel@mentor> Cc: linux-kernel@vger.kernel.org X-Mailer: [XMailTool v3.1.2b] Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1730 Lines: 41 Dax Kelson : > > On Wed, 2002-06-26 at 06:40, Michael Kerrisk wrote: > > > What's still missing in 2.4, as far as I can see after reading the sources, > > is the ability to set capabilities on executable files so that a process > > gains those privileges when executing the file. I recall seeing some > > information somewhere saying this wasn't possible / wasn't going to happen > > for ext2. Is it on the drawing board for any file system? > > The 2.5 VFS supports Extended Attributes (since 2.5.3). I think the plan > was use EAs to store capabilities. So I believe that the infrastructure > is in place, someone with the proper skills just needs to: > > 1. Define how capabilities will be stored as a EA > 2. Teach fs/exec.c to use the capabilities stored with the file > 3. Write lscap(1) > 4. Write chcap(1) > 5. Audit/fix all SUID root binaries to use capabilities > 6. Set appropriate capabilities with for each with chcap(1) and then: > # find / -type f -perm -4000 -user root -exec chmod u-s {} \; > 7. Party and snicker in the general direction of that OS with the slogan > "One remote hole in the default install, in nearly 6 years!" Actually, I think most of that work has already been done by the Linux Security Module project (well, except #7). see: http://lsm.immunix.org/ ------------------------------------------------------------------------- Jesse I Pollard, II Email: pollard@navo.hpc.mil Any opinions expressed are solely my own. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/