robert at linuxfromscratch.org
Wed Nov 5 20:18:04 PST 2008
On Wednesday November 5 2008 09:28:48 pm Robert Connolly wrote:
> The first idea is to copy, or hardlink, /bin/login
> to /sbin/login.caps. /sbin/login.caps has the posix capabilities, and
> agetty (and sshd, and any other login daemon) would need to be modified to
> use this login program instead of the one in /bin. /sbin/login.caps would
> only be executable by the 'login' group. I don't like this because every
> daemon that excepts to be running as root would need to be modified, and
> this might be a lot of maintenance (for me), but this is minimal privileges
> and doesn't require grsecurity for enforcement.
This may not be so bad. Both agetty and sshd have reasonable ways of modifying
the path for /bin/login. With agetty it can be changed at run time with
the '-l' option, or hard coded as the default in util-linux-ng
include/pathnames.h. OpenSSH uses pathnames.h.
/bin/su complicates things too. /bin/su would need to sgid 'login', and
use /sbin/login.caps, to use the --login option. /bin/su and /bin/login would
have some duplicate capabilities. And I don't see where Shadow-utils hard
codes /bin/login (yet).. it may use $PATH.
I don't know if it would end here, or if many other packages would need
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: not available
More information about the hlfs-dev