> Haven't Linux POSIX capabilities been present in the kernel
> since 2.2?
> I have never used them personally, but have kind of wondered
> why nobody
> else has either.
After my third web trawl after this most elusive of topics - It seems that
Linux capabilities are in 2.4, are used throughout the kernel and are
somewhat mature. However...
There is no support for the equivilant of a setuid executable; only control
on a process by process basis.
The library libcap [sic] recommended for using them hasn't been altered
since 2.2, although it appears to be supported for use under 2.4
It has to be part of Ethereal. It wont work as a launcher app, and you can't
give the shell the right capability and then start Ethereal.
I now believe that Capabilities could be used by Ethereal under Linux and it
would be quick and simple to implement and work on out-of-the-box
distributions from 2.2.19 onward.
The Capabilities FAQ:
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-
0.2.txt
Capabilities in 2.4:
http://www.linuxsecurity.com/feature_stories/kernel-24-security-printer.html
libcap under 2.4:
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/
The Capabilities man page, including the interrim hack for non-existent file
system support:
http://www.icewalkers.com/Linux/ManPages/capabilities-7.html
Capabilities widely used in the 2.4 kernel:
http://www.net-security.org/dl/articles/lsm-usenix.pdf
The famous "sendmail" exploit was fixed in 2.2.16:
http://www.securityfocus.com/archive/1/63959
...after the release of 2.4.0-test1:
http://www.securityfocus.com/archive/1/63960
More on Chris Evan's prctl() patch, a workaround for problems arising from
fixes to the sendmail exploit and the init not starting with CAP_SETPCAP
capability:
http://www.kerneltraffic.org/kernel-traffic/kt20000320_59.html
http://lkml.org/lkml/2001/3/19/13
http://www.aniota.com/securing/minimize-privileges.html is worth quoting in
part:
"... unless other steps are taken, retaining a privilege using POSIX
capabilities requires that the process continue to have the root user id.
Because many important files (configuration files, binaries, and so on) are
owned by root, an attacker controlling a program with such limited
capabilities can still modify key system files and gain full root-level
privilege. A Linux kernel extension (available in versions 2.4.X and
2.2.19+) provides a better way to limit the available privileges: a program
can start as root (with all POSIX capabilities), prune its capabilities down
to just what it needs, call prctl(PR_SET_KEEPCAPS,1), and then use setuid()
to change to a non-root process. The PR_SET_KEEPCAPS setting marks a process
so that when a process does a setuid to a nonzero value, the capabilities
aren't cleared (normally they are cleared). This process setting is cleared
on exec(). However, note that PR_SET_KEEPCAPS is a Linux-unique extension
for newer versions of the linux kernel."
--
Richard Urwin, Private
"No 9000 series computer has ever made a mitsake or corrubiteddatatato."
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
