Re: posix capabilities inheritance

From: Ernie Petrides
Date: Thu Oct 23 2003 - 20:39:49 EST


On Thursday, 23-Oct-2003 at 17:5 CDT, "Michael Glasgow" wrote:

> The code to drop privs is not hard, but it's also not trivial.

Here's an example code sequence that demonstrates how a setuid-to-root
application could drop all capabilities except for CAP_IPC_LOCK and
then run with the non-privileged uid:

#include <sys/prctl.h>
#include <sys/capability.h>
#include <unistd.h>             /* seteuid(), getuid() */

...

cap_t c;

/* KEEPCAPS keeps the permitted set across the uid change; the kernel
 * clears the effective set when the effective uid leaves 0, so the
 * "=eip" text re-raises CAP_IPC_LOCK in the effective, permitted and
 * inheritable sets from what was kept in permitted. */
if (prctl(PR_SET_KEEPCAPS, 1UL, 0UL, 0UL, 0UL) < 0 ||
    seteuid(getuid()) < 0 ||
    !(c = cap_from_text("cap_ipc_lock=eip")) ||
    cap_set_proc(c) < 0)
        /* handle error */;

However, I agree that it's often not viable to require application
changes to achieve the desired result.

Cheers. -ernie
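The same drop, as an added example that is not part of the message above: it uses the raw capset(2) interface instead of libcap (so only kernel headers are needed), uses setresuid() in place of seteuid() so that the saved uid is given up as well and root cannot be regained, and adds a check of /proc/self/status afterwards. It assumes the v3 capset header layout and that the caller starts with effective uid 0 and CAP_IPC_LOCK in its permitted set.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Raw-syscall equivalent of cap_from_text("cap_ipc_lock=eip"): the two
 * 32-bit words of the v3 capset interface with only `cap` (CAP_IPC_LOCK
 * is number 14) in the effective, permitted and inheritable sets. */
void single_cap_mask(int cap, struct __user_cap_data_struct d[2])
{
    memset(d, 0, 2 * sizeof *d);
    d[cap / 32].effective = d[cap / 32].permitted =
        d[cap / 32].inheritable = 1u << (cap % 32);
}

/* Set real, effective and saved uid to the real uid (so root cannot be
 * regained with seteuid(0)) and keep only `cap`. Returns 0 on success;
 * must start with euid 0 and `cap` in the permitted set (assumption). */
int drop_to_single_cap(int cap)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    uid_t uid = getuid();

    single_cap_mask(cap, d);
    /* KEEPCAPS must precede the uid change: without it the kernel empties
     * the permitted set once all three uids leave 0. The effective set is
     * cleared either way, so capset() re-raises it from permitted. */
    if (prctl(PR_SET_KEEPCAPS, 1UL, 0UL, 0UL, 0UL) < 0) return -1;
    if (setresuid(uid, uid, uid) < 0) return -1;
    return (int)syscall(SYS_capset, &h, d);
}

/* Post-drop check on /proc/self/status text: 1 when the hex masks after
 * "CapPrm:" and "CapEff:" both hold exactly `cap`, else 0. */
int caps_exactly(const char *status, int cap)
{
    const char *keys[] = { "CapPrm:\t", "CapEff:\t" };
    for (int i = 0; i < 2; i++) {
        const char *p = strstr(status, keys[i]);
        if (!p || strtoull(p + strlen(keys[i]), NULL, 16) != (uint64_t)1 << cap)
            return 0;
    }
    return 1;
}
```

A setuid-root program would call drop_to_single_cap(CAP_IPC_LOCK) early in main() and then read /proc/self/status into a buffer for caps_exactly() to confirm nothing else survived.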