[sclug] root-like read-all but not write ability?

Bob Dunlop bob.dunlop at xyzzy.org.uk
Thu Sep 6 09:36:14 UTC 2007

On Thu, Sep 06 at 10:05, John Stumbles wrote:
> [Reply to email sent to me not to list]

Grr. So many lists, so many different reply methods.

> Interesting.
> """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
> A full implementation of capabilities requires:
>        2.  that the kernel provide system calls allowing a thread?s 
> capability  sets  to  be  changed  and retrieved.
>        3.  file  system  support  for attaching capabilities to an 
> executable file, so that a process gains those capabilities when the file 
> is execed.
> <eh? what happened to 1?>

Well my man page has.

  1.  that for all privileged operations, the kernel  check  whether  the
      thread has the required capability in its effective set.

> In any case surely the program would have to be run as (or suid) root for 
> the wrapper to set elevated capabilities? At the moment the program is 
Yep that's the case at present.  The program starts out suid root so it
gets all root capabilities.  It then voluntarily reduces the capability
set to the minimum required before proceeding with the main code.  Several
of the system daemon programs operate like this.

A wrapper program would reduce it's capability set to the minimum specified
and then carefully exec your main program.

        Bob Dunlop

More information about the Sclug mailing list