[sclug] root-like read-all but not write ability?
Bob Dunlop
bob.dunlop at xyzzy.org.uk
Thu Sep 6 09:36:14 UTC 2007
On Thu, Sep 06 at 10:05, John Stumbles wrote:
> [Reply to email sent to me not to list]
Grr. So many lists, so many different reply methods.
> Interesting.
>
> """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
> A full implementation of capabilities requires:
>
> 2. that the kernel provide system calls allowing a thread's
> capability sets to be changed and retrieved.
>
> 3. file system support for attaching capabilities to an
> executable file, so that a process gains those capabilities when the file
> is execed.
>
> <eh? what happened to 1?>
Well my man page has.
1. that for all privileged operations, the kernel check whether the
thread has the required capability in its effective set.
> In any case surely the program would have to be run as (or suid) root for
> the wrapper to set elevated capabilities? At the moment the program is
...
Yep that's the case at present. The program starts out suid root so it
gets all root capabilities. It then voluntarily reduces the capability
set to the minimum required before proceeding with the main code. Several
of the system daemon programs operate like this.
A wrapper program would reduce its capability set to the minimum specified
and then carefully exec your main program.
--
Bob Dunlop
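
The self-reduction step described in the message above, as an added example that is not part of the original post or of the program under discussion: a process cuts its effective and permitted capability sets down to a chosen minimum with the raw capget/capset system calls. Keeping CAP_DAC_READ_SEARCH (it bypasses read and directory-search permission checks but not write checks) and the helper names caps_get and caps_reduce_to are assumptions of this example.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read the calling thread's effective and permitted sets as 64-bit masks. */
int caps_get(uint64_t *eff, uint64_t *perm)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    memset(d, 0, sizeof d);
    if (syscall(SYS_capget, &hdr, d) != 0)
        return -1;
    *eff  = ((uint64_t)d[1].effective << 32) | d[0].effective;
    *perm = ((uint64_t)d[1].permitted << 32) | d[0].permitted;
    return 0;
}

/* Reduce effective and permitted to (current permitted & keep) and clear
 * the inheritable set. The thread cannot regain what it drops here. */
int caps_reduce_to(uint64_t keep)
{
    uint64_t eff, perm;
    if (caps_get(&eff, &perm) != 0)
        return -1;
    uint64_t want = perm & keep;   /* never ask for more than we hold */
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    memset(d, 0, sizeof d);
    d[0].effective = d[0].permitted = (uint32_t)want;
    d[1].effective = d[1].permitted = (uint32_t)(want >> 32);
    return syscall(SYS_capset, &hdr, d) == 0 ? 0 : -1;
}

int main(void)
{
    /* Assumed minimum for a "read everything, write nothing" helper. */
    uint64_t keep = 1ULL << CAP_DAC_READ_SEARCH, eff, perm;
    if (caps_get(&eff, &perm) != 0) { perror("capget"); return 1; }
    printf("before: eff=%#llx perm=%#llx\n",
           (unsigned long long)eff, (unsigned long long)perm);
    if (caps_reduce_to(keep) != 0) { perror("capset"); return 1; }
    if (caps_get(&eff, &perm) != 0) { perror("capget"); return 1; }
    printf("after:  eff=%#llx perm=%#llx\n",
           (unsigned long long)eff, (unsigned long long)perm);
    return (eff & ~keep) ? 1 : 0;  /* fail if anything else survived */
}
```

This covers only a program reducing its own set. While the UID is still 0, a later execve recomputes capabilities for root, which is why a wrapper has to exec carefully.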