| 1 |
On Sat, 17 Apr 2010 20:30:02 +0200, Mick wrote about Re: [gentoo-user] |
| 2 |
How many ways are there for a user to increase their permissions?: |
| 3 |
|
| 4 |
>On Friday 16 April 2010 23:13:34 Jonathan wrote: |
| 5 |
[snip] |
| 6 |
>> 4: Linux "Capabilities" or "caps": Which increases permissions on a |
| 7 |
>> per-file basis. e.g. removing SUID from ping and adding CAP_NET_RAW |
| 8 |
>> to ping. This is much safer than running the whole program as root. |
| 9 |
>> http://linux.die.net/man/7/capabilities |
| 10 |
> |
| 11 |
>This is a first for me. I haven't used it before and it seems it is |
| 12 |
>not set up on my box by default. |
| 13 |
|
| 14 |
In fact, POSIX capabilities are a mechanism to *reduce* a program's |
| 15 |
permissions, not increase them. |
| 16 |
|
| 17 |
With a default system, any program that needs to do, say, one |
| 18 |
privileged operation must be run as root. The typical example is to |
| 19 |
open a service port (i,e, 1023 or lower) rather than an ephemeral port |
| 20 |
in the TCP/IP stack. Such a program receives full root privileges, |
| 21 |
which allow it to have full access to the filesystems, modprobe new |
| 22 |
drivers into the kernel, etc., etc., even though it only wants to |
| 23 |
listen on a service port. |
| 24 |
|
| 25 |
With caps, it is given the capability (CAP_NET_BIND_SERVICE) to open |
| 26 |
service ports without regard to the userid under which it is running. |
| 27 |
This means that it will *NOT* have permissions to modprobe drivers, |
| 28 |
mess about with files arbitrarily, etc. |
| 29 |
|
| 30 |
man 7 capabilities |
| 31 |
|
| 32 |
If you don't have that man page, you will need to emerge libcap. |
| 33 |
-- |
| 34 |
Regards, |
| 35 |
|
| 36 |
Dave [RLU #314465] |
| 37 |
====================================================================== |
| 38 |
dwnoon@××××××××.com (David W Noon) |
| 39 |
====================================================================== |
Archives