Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752923Ab1DSOfx (ORCPT ); Tue, 19 Apr 2011 10:35:53 -0400 Received: from hrndva-omtalb.mail.rr.com ([71.74.56.122]:60476 "EHLO hrndva-omtalb.mail.rr.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752652Ab1DSOfv (ORCPT ); Tue, 19 Apr 2011 10:35:51 -0400 X-Authority-Analysis: v=1.1 cv=qyUSAyc82z9xLljZQc9ErY9Tl2GSEfqK/XYZS35I9d8= c=1 sm=0 a=wom5GMh1gUkA:10 a=n9MmX0RCC_8A:10 a=Rj1_iGo3bfgA:10 a=8nJEP1OIZ-IA:10 a=eAWTIsOZi86Vnn5xZOjC/w==:17 a=pGLkceISAAAA:8 a=hBqU3vQJAAAA:8 a=CZ2Bs_yQ-uKZIu-BEzYA:9 a=wPNLvfGTeEIA:10 a=MSl-tDqOz04A:10 a=4gZ4WExUoD4A:10 a=eAWTIsOZi86Vnn5xZOjC/w==:117 X-Cloudmark-Score: 0 X-Originating-IP: 70.123.154.172 Date: Tue, 19 Apr 2011 09:35:48 -0500 From: "Serge E. Hallyn" To: crocket , Michael Kerrisk , Andrew Morgan Cc: linux-kernel@vger.kernel.org Subject: Re: Linux capabilities shouldn't be lost during setuid to non-root from root or to another non-root uid from a non-root uid. Message-ID: <20110419143548.GA26461@hallyn.com> References: <20110417180722.GA21112@hallyn.com> <20110418082838.GA30088@hallyn.com> <20110418220232.GA15967@hallyn.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1401 Lines: 36 Quoting crocket (crockabiscuit@gmail.com): > Thanks for the precious information. > > I think capsh should be introduced somewhere in some manuals. Would mentioning capsh in capabilities(7) be a good idea? > On Tue, Apr 19, 2011 at 10:14 AM, crocket wrote: > > Is there an existing utility that sets SECBIT_NO_SETUID_FIXUP? > > Or is there a way to set it without writing a C wrapper program? > > > > On Tue, Apr 19, 2011 at 7:02 AM, Serge E. Hallyn wrote: > >> Quoting crocket (crockabiscuit@gmail.com): > >>> I have several questions. > >>> > >>> 1) How do I set SECBIT_NO_SETUID_FIXUP? > >> > >> prctl(PR_SET_SECUREBITS, SECBIT_NO_SETUID_FIXUP | SECBIT_NO_SETUID_FIXUP_LOCKED) > >> > >> see capabilities(7) for details. > >> > >>> 2) Is there any reason to unset SECBIT_NO_SETUID_FIXUP by default? > >> > >> Yes, because it's what userspace expects. ?If you prefer to run in > >> a full POSIX capabilities environment with unprivileged root, you > >> can have init set SECBIT_NO_SETUID_FIXUP and SECBIT_NOROOT and > >> tune userspace to do the right thing, but it's not trivial. > >> > >> -serge > >> > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/