* Dax Kelson (dax@gurulabs.com) wrote:
> On Thu, 2002-06-27 at 14:54, Chris Wright wrote:
> > * Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil) wrote:
> > >
> > > Actually, I think most of that work has already been done by the Linux
> > > Security Module project (well, except #7).
> >
> > The LSM project supports capabilities exactly as it appears in the
> > kernel right now. The EA linkage is still missing. Of course, we are
> > accepting patches ;-)
>
> Has either lscap or chcap been written? I suppose not as that would
> require a consensus on how capabilities would be stored as a EA.
You might take a look at the linux-privs stuff. I believe it's pretty
out of date, but you can see where things left off. Specifically, the
fcap parts.
>
> That EA would need to be "special" and only be changeable by uid 0 (or
> CAP_CHFSCAP).
Actually, that would be CAP_SETFCAP as defined by the standard.
> So, has any of the below changed now that LSM has entered the picture?
No. The EA bits are the important part.
> 1. Define how capabilities will be stored as a EA
> 2. Teach fs/exec.c to use the capabilities stored with the file
> 3. Write lscap(1)
> 4. Write chcap(1)
> 5. Audit/fix all SUID root binaries to be capabilities aware
> 6. Set appropriate capabilities with for each with chcap(1) and then:
> # find / -type f -perm -4000 -user root -exec chmod u-s {} \;
> 7. Party and snicker in the general direction of that OS with the slogan
> "One remote hole in the default install, in nearly 6 years!"
thanks,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 07 2002 - 22:00:17 EST