Posix file capabilities

Robert Connolly robert at linuxfromscratch.org
Mon Jan 28 17:36:31 PST 2008


Posix file capabilities are now implemented in linux-2.6.24. Basically, file 
attributes can be used to give programs root's capabilities. Before we only 
had capabilities for processes. File capabilities are much easier to 
implement. This is like partial suid-root, and is a bit better than dropping 
root, or using access controls on root, because full root power is never 
activated. Access controls can still be used in conjunction. All of this 
prevents privilege escalation.

After installing the Attr package, PAM, libcaps-2, and rebooting linux-2.6.24 
with the CONFIG_SECURITY_CAPABILITIES, CONFIG_SECURITY_FILE_CAPABILITIES, and 
CONFIG_EXT2_FS_POSIX_ACL and CONFIG_EXT2_FS_SECURITY kernel options (there 
are similar options for ext3 and reiserfs), and then following:
http://www.friedhoff.org/fscaps.html#Ping
I got /bin/ping working without suid-root. It's very straightforward to set 
up on an existing system.

The caps module is now built-in to the kernel (non-optional) for filesystem 
support to work dependably.

We can use this with any program that runs as root, like klogd, etc, to give 
it the least possible capabilities.

Comments?

robert
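The "file attributes" the post refers to are the security.capability extended attribute, which the kernel reads as a struct vfs_cap_data. The following is an added example, not code from the post or from the Friedhoff page: it decodes and encodes that xattr so you can see exactly what setting cap_net_raw=ep on /bin/ping writes to disk, and it walks a directory reporting files that are still setuid-root or that carry file capabilities. It assumes Linux with xattr-enabled filesystems (os.getxattr is Linux-only), takes the capability bit numbers from linux/capability.h, and handles both the revision-2 layout used by 2.6.24 and the later revision-3 layout that appends a rootid; the sample blobs in the test and in main are constructed by hand.

```python
"""Decode, build and audit Linux file capabilities (security.capability xattr).

Added example: not from the original mailing-list post. Assumes Linux; the
revision-3 layout (rootid field) is a later-kernel extension of the 2.6.24 format.
"""
import os
import stat
import struct

# Bit positions from <linux/capability.h>; enough of the table for auditing.
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend", "cap_audit_read",
]
CAP_BIT = {name: i for i, name in enumerate(CAP_NAMES)}

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000      # two 32-bit words per set (2.6.24 era)
VFS_CAP_REVISION_3 = 0x03000000      # same, plus a trailing rootid (later kernels)
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001  # the "e" in "cap_net_raw=ep"
XATTR_NAME = "security.capability"


def _mask_to_names(mask):
    return {n for n, i in CAP_BIT.items() if (mask >> i) & 1}


def _names_to_mask(names):
    mask = 0
    for n in names:
        mask |= 1 << CAP_BIT[n]
    return mask


def decode_vfs_cap(data):
    """Parse struct vfs_cap_data (revision 2 or 3) into named capability sets."""
    (magic_etc,) = struct.unpack_from("<I", data, 0)
    revision = magic_etc & VFS_CAP_REVISION_MASK
    if revision not in (VFS_CAP_REVISION_2, VFS_CAP_REVISION_3):
        raise ValueError("unsupported vfs_cap_data revision 0x%08x" % revision)
    # Two {permitted, inheritable} pairs: low 32 capability bits, then high 32.
    p_lo, i_lo, p_hi, i_hi = struct.unpack_from("<IIII", data, 4)
    rootid = None
    if revision == VFS_CAP_REVISION_3:
        (rootid,) = struct.unpack_from("<I", data, 20)
    return {
        "revision": revision >> 24,
        "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": _mask_to_names(p_lo | (p_hi << 32)),
        "inheritable": _mask_to_names(i_lo | (i_hi << 32)),
        "rootid": rootid,
    }


def encode_vfs_cap(permitted, inheritable=(), effective=True):
    """Build the revision-2 blob that `setcap` writes for the given sets."""
    p = _names_to_mask(permitted)
    i = _names_to_mask(inheritable)
    magic_etc = VFS_CAP_REVISION_2 | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0)
    return struct.pack("<IIIII", magic_etc, p & 0xFFFFFFFF, i & 0xFFFFFFFF,
                       p >> 32, i >> 32)


def audit_file(path):
    """Report whether a file is setuid-root and which file caps it carries."""
    st = os.lstat(path)
    report = {
        "path": path,
        "setuid_root": bool(st.st_mode & stat.S_ISUID) and st.st_uid == 0,
        "caps": None,
    }
    if hasattr(os, "getxattr"):  # Linux only
        try:
            report["caps"] = decode_vfs_cap(os.getxattr(path, XATTR_NAME))
        except OSError:
            pass  # ENODATA (no file caps) or ENOTSUP (filesystem without xattrs)
    return report


def scan_privileged(root):
    """Return the files under root that are setuid-root or carry file caps."""
    found = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            r = audit_file(os.path.join(dirpath, name))
            if r["setuid_root"] or r["caps"]:
                found.append(r)
    return found


if __name__ == "__main__":
    # Constructed vector: the xattr that "setcap cap_net_raw=ep /bin/ping" produces.
    blob = encode_vfs_cap({"cap_net_raw"})
    print(blob.hex(), decode_vfs_cap(blob))
    for r in scan_privileged("/bin"):  # lists what still needs converting
        print(r)
```

Run as root after converting a binary (chmod u-s, then setcap cap_net_raw=ep) and the scan should show the file with caps set and setuid_root False; anything still reported as setuid_root is a candidate for the same treatment. The decoder is also a useful cross-check on getcap, since it shows the raw effective flag and revision rather than libcap's textual summary.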