Re: linux capabilities (was: Should openSUSE review its Security Policies?)


Re: linux capabilities (was: Should openSUSE review its Security Policies?)

Per Jessen-2
Roger Oberholtzer wrote:

> On Thu, 2012-03-01 at 19:53 +0000, Jim Henderson wrote:
>> On Thu, 01 Mar 2012 14:52:43 +0100, Per Jessen wrote:
>>
>> > Well, maybe start with "man capabilities".  I think that is where I
>> > saw CAP_NET_BROADCAST mentioned.  I have never played with any of
>> > this, but my understanding is that you can manage various
>> > capabilities on a per-process or per-user basis.  I'm grasping at
>> > straws, but I'm sure somebody here will have an actual understanding
>> > of this.
>>
>> From what I understand, kernel capabilities are disabled selectively
>> - you start a program as root and it has access to everything, and
>> then the program (perhaps also an external process can do this - that
>> I don't know) disables what the program shouldn't be allowed to do.
>
> The kernel does this. If the UID is 0 (root) some set of permissions
> is enabled. If not 0 (not running as root) a different default set
> is enabled. The 'capabilities' mechanism allows extension of what
> non-0 UID apps can do. The permissions, it seems, are stored in the file
> system along with the executable (see 'man capabilities'). So, I would
> imagine it requires either a specific file system, or that additional
> file system options be enabled. The man page is rather vague.

I think it requires extended attributes, that's all.
This has a good explanation (imo):

http://www.cis.syr.edu/~wedu/seed/Labs/Documentation/Linux/How_Linux_Capability_Works.pdf

Thinking out loud:
Maybe you could run your third-party broadcasters from a little wrapper
that drops privileges & capabilities, except CAP_NET_BROADCAST?  You'd
still need root to begin with, but the actual software would then run
unprivileged.


--
Per Jessen, Zürich (6.0°C)

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]


Re: Re: linux capabilities (was: Should openSUSE review its Security Policies?)

Roger Oberholtzer
On Fri, 2012-03-02 at 08:33 +0100, Per Jessen wrote:

> I think it requires extended attributes, that's all.
> This has a good explanation (imo):
>
> http://www.cis.syr.edu/~wedu/seed/Labs/Documentation/Linux/How_Linux_Capability_Works.pdf
>
> Thinking out loud:
> Maybe you could run your third-party broadcasters from a little wrapper
> that drops privileges & capabilities, except CAP_NET_BROADCAST?  You'd
> still need root to begin with, but the actual software would then run
> unprivileged.

That could be an option. The trick is to know all the privileges one now
has that are not needed. To miss any would be sloppy. It would be useful
to be able to set the privileges to a non-root level and then add the
ones wanted.

Thanks for the link. Always something new to learn.


Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST

Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
[hidden email]
________________________________________

Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se
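The wrapper Per sketches (start as root, drop everything, keep one capability, run the real software unprivileged) and the approach Roger asks for (go to a non-root level first, then add back only the capabilities wanted) are the same procedure, shown here as one added example; this is not code from the thread or from openSUSE. It assumes a hypothetical wrapper named capwrap that takes a target uid and gid on the command line, uses the raw capget/capset syscalls instead of libcap so it builds without extra libraries, and relies on ambient capabilities (kernel 4.3 and later, so newer than the 2012 discussion) to let the capability survive execve of a binary that carries no file capabilities. The capability list is a parameter rather than hard-wired because "man 7 capabilities" lists CAP_NET_BROADCAST as unused by the kernel; a practitioner should check which capability the broadcasting software actually trips over (CAP_NET_RAW or CAP_NET_ADMIN are the usual suspects) before choosing what to keep.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Older glibc headers lack the ambient-capability prctl constants (kernel 4.3+). */
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_RAISE 2
#endif

/* Turn a list of capability numbers (CAP_* from linux/capability.h) into the
 * two 32-bit words of the v3 capget/capset data layout: caps 0..31 land in
 * word 0, caps 32..63 in word 1. Out-of-range numbers are ignored. */
void caps_to_mask(const int *caps, size_t n, uint32_t mask[2]) {
    mask[0] = mask[1] = 0;
    for (size_t i = 0; i < n; i++) {
        if (caps[i] < 0 || caps[i] > 63) continue;
        mask[caps[i] / 32] |= (uint32_t)1 << (caps[i] % 32);
    }
}

/* Number of capabilities present in a mask pair. */
int caps_count(const uint32_t mask[2]) {
    int n = 0;
    for (int w = 0; w < 2; w++)
        for (uint32_t m = mask[w]; m; m &= m - 1) n++;
    return n;
}

/* 1 if every capability in `have` is also in `allowed`, else 0. */
int caps_subset(const uint32_t have[2], const uint32_t allowed[2]) {
    return (have[0] & ~allowed[0]) == 0 && (have[1] & ~allowed[1]) == 0;
}

/* Read the calling thread's effective set with a raw capget (no libcap). */
static int get_effective(uint32_t eff[2]) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) == -1) return -1;
    eff[0] = data[0].effective;
    eff[1] = data[1].effective;
    return 0;
}

/* Set effective, permitted and inheritable all to exactly `keep`. */
static int set_all_sets(const uint32_t keep[2]) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    for (int w = 0; w < 2; w++)
        data[w].effective = data[w].permitted = data[w].inheritable = keep[w];
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Start as root, end as uid/gid holding only `caps` (in every set, ambient
 * included, so a plain execve keeps them). Returns 0 on success or -1 with
 * errno set; after a failure the caller must not exec the target. */
int drop_to_user(uid_t uid, gid_t gid, const int *caps, size_t n) {
    uint32_t keep[2], eff[2];
    caps_to_mask(caps, n, keep);

    /* Keep the permitted set across the uid change; the kernel clears the
     * effective set on the 0 -> non-zero transition, restored below. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return -1;
    if (setgroups(0, NULL) == -1) return -1;           /* no supplementary groups */
    if (setresgid(gid, gid, gid) == -1) return -1;
    if (setresuid(uid, uid, uid) == -1) return -1;

    /* Now unprivileged: shrink permitted to `keep` and re-enable it. This is
     * the "go to non-root, then add back what is wanted" step. */
    if (set_all_sets(keep) == -1) return -1;
    /* Ambient caps survive execve of an unprivileged binary; raising one
     * requires it in both permitted and inheritable, arranged just above. */
    for (size_t i = 0; i < n; i++)
        if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, caps[i], 0, 0) == -1) return -1;

    /* Verify nothing beyond `keep` survived and nothing in `keep` was lost. */
    if (get_effective(eff) == -1) return -1;
    if (!caps_subset(eff, keep) || !caps_subset(keep, eff)) { errno = EPERM; return -1; }
    return 0;
}

/* Usage (as root): ./capwrap UID GID PROGRAM [ARGS...]  -- hypothetical wrapper name. */
int main(int argc, char **argv) {
    if (argc < 4) { fprintf(stderr, "usage: %s UID GID PROGRAM [ARGS...]\n", argv[0]); return 2; }
    int keep[] = { CAP_NET_BROADCAST };   /* replace with the capability the program really needs */
    if (drop_to_user((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2]), keep, 1) == -1) {
        perror("drop_to_user");
        return 1;
    }
    execvp(argv[3], argv + 3);
    perror("execvp");
    return 1;
}
```

The verification step at the end of drop_to_user is what addresses Roger's worry about missing one: the wrapper never execs unless the effective set reads back as exactly the list it was given. Run as root, `./capwrap 65534 65534 /usr/bin/env true` should leave the child with a single capability, which can be confirmed from another shell with `grep Cap /proc/<pid>/status`.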

