Re: posix capabilities inheritance
From: Ernie Petrides
Date: Thu Oct 23 2003 - 20:39:49 EST
On Thursday, 23-Oct-2003 at 17:5 CDT, "Michael Glasgow" wrote:
> The code to drop privs is not hard, but it's also not trivial.
Here's an example code sequence that demonstrates how a setuid-to-root
application could drop all capabilities except for CAP_IPC_LOCK and
then run with the non-privileged uid:
#include <sys/prctl.h>
#include <sys/capability.h>
...
cap_t c;
if (prctl(PR_SET_KEEPCAPS, 1UL, 0UL, 0UL, 0UL) < 0 ||
seteuid(getuid()) < 0 ||
!(c = cap_from_text("cap_ipc_lock=eip")) ||
cap_set_proc(c) < 0)
/* handle error */;
However, I agree that it's often not viable to require application
changes to achieve the desired result.
Cheers. -ernie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/