Re: Lower Process Capabilities
- From: "Serge E. Hallyn" <serue us ibm com>
- To: Steve Grubb <sgrubb redhat com>
- Cc: Development discussions related to Fedora <fedora-devel-list redhat com>
- Subject: Re: Lower Process Capabilities
- Date: Fri, 14 Aug 2009 17:05:06 -0500
Quoting Steve Grubb (sgrubb redhat com):
> On Sunday 26 July 2009 07:32:36 pm Steve Grubb wrote:
> > What can be done is that we program the application to drop some of the
> > capabilities so that it's not all powerful. There's just one flaw in this
> > plan. The directory for /bin is 0755 root root. So, even if we drop all
> > capabilities, the root acct can still trojan a system.
> >
> > If we change the bin directory to 005, then root cannot write to that
> > directory unless it has the CAP_DAC_OVERRIDE capability. The idea with this
> > project is to not allow network facing or daemons have CAP_DAC_OVERRIDE,
> > but to only allow it from logins or su/sudo.
>
> As discussed at the Fesco meeting last week, the lower process capabilities
> project is going to reduce the scope of this part of the proposal. At this
> point, we are going to tighten up perms on the directories in $PATH, /lib[64],
> /boot, and /root.
>
> A sample srpm can be found here for anyone wanting to try it out before alpha
> is unfrozen.
>
> http://people.redhat.com/sgrubb/files/filesystem-2.4.24-1.fc12.src.rpm
>
> Any feedback would be appreciated.
Hi Steve,
downloading and looking at filesystem.spec in the above rpm, I don't
see any special treatment for boot, root, or /lib.... Is the right
rpm at that link? If so, then I must be misunderstanding - can you
give me a diff or something to explain how it's supposed to work?
thanks,
-serge
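The quoted proposal rests on one kernel rule: the mode bits on a directory bind a uid-0 process too, unless that process holds CAP_DAC_OVERRIDE (or, for read and search only, CAP_DAC_READ_SEARCH). The script below is an added example, not code from the thread or from Fedora's filesystem package; it models that directory permission check in the shape of the kernel's generic_permission() and audits a constructed directory inventory (a stock 0755 layout beside the proposed 0005 one) for three constructed CapEff values. The directory entries, the CapEff strings and the function names are assumptions made for the example.

```python
"""Model of the directory DAC check behind the 0005 proposal, plus an audit
over a constructed inventory of $PATH/lib/boot directories.
Added example; not code from the mailing-list thread or the filesystem rpm."""
import stat

# Capability numbers as defined in linux/capability.h
CAP_DAC_OVERRIDE = 1      # bypass read/write/execute permission checks
CAP_DAC_READ_SEARCH = 2   # bypass read and directory-search checks only

# Mode bits for each access kind, in (owner, group, other) order
BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def has_cap(cap_eff_hex, cap):
    """True if capability number `cap` is set in a CapEff value written the way
    /proc/<pid>/status prints it, e.g. '0000003fffffffff'."""
    return (int(cap_eff_hex, 16) >> cap) & 1 == 1


def dir_access(mode, dir_uid, dir_gid, proc_uid, proc_gids, want, cap_eff_hex="0"):
    """Decide one access ('r', 'w' or 'x') on a *directory* for a process.

    Mirrors the kernel's generic_permission() for directories: uid 0 gets
    nothing by itself, CAP_DAC_OVERRIDE grants everything, CAP_DAC_READ_SEARCH
    grants read and search, and otherwise the single permission class selected
    by the process identity (owner, then group, then other) decides."""
    if has_cap(cap_eff_hex, CAP_DAC_OVERRIDE):
        return True
    if want != "w" and has_cap(cap_eff_hex, CAP_DAC_READ_SEARCH):
        return True
    usr, grp, oth = BITS[want]
    if proc_uid == dir_uid:
        return bool(mode & usr)
    if dir_gid in proc_gids:
        return bool(mode & grp)
    return bool(mode & oth)


def audit(entries, cap_eff_hex="0"):
    """Report, for a uid-0 process holding CapEff `cap_eff_hex`, what it can do
    on each directory. `entries` is an iterable of (path, mode, uid, gid).
    Returns {path: 'rwx'-style string with '-' for denied accesses}."""
    report = {}
    for path, mode, uid, gid in entries:
        report[path] = "".join(
            a if dir_access(mode, uid, gid, 0, {0}, a, cap_eff_hex) else "-"
            for a in "rwx"
        )
    return report


# Constructed inventories (assumed, not taken from the rpm): stock modes and
# the tightened modes the proposal describes, all root:root.
STOCK = [("/bin", 0o755, 0, 0), ("/usr/lib64", 0o755, 0, 0), ("/boot", 0o755, 0, 0)]
TIGHTENED = [("/bin", 0o005, 0, 0), ("/usr/lib64", 0o005, 0, 0), ("/boot", 0o005, 0, 0)]

# Constructed CapEff values for three kinds of uid-0 process
NO_DAC_CAPS = "0000000000000000"                          # dropped everything
READ_SEARCH_ONLY = format(1 << CAP_DAC_READ_SEARCH, "016x")  # daemon keeping read/search
FULL_OVERRIDE = format(1 << CAP_DAC_OVERRIDE, "016x")        # login shell / su / sudo

if __name__ == "__main__":
    for layout, entries in (("stock", STOCK), ("tightened", TIGHTENED)):
        for caps_label, caps in (("no DAC caps", NO_DAC_CAPS),
                                 ("read/search", READ_SEARCH_ONLY),
                                 ("override", FULL_OVERRIDE)):
            print(f"{layout:9} {caps_label:12} {audit(entries, caps)}")
```

Running it shows the point of the proposal: with the stock 0755 layout a uid-0 daemon that has dropped every capability still gets `rwx` on /bin, while with 0005 it gets `---` and only a process holding CAP_DAC_OVERRIDE gets `rwx` back. It also shows the caveat a deployer has to plan for: because the owner class has no bits at all, a root-owned daemon that drops every DAC capability loses read and search on those directories too, so the design depends on such daemons retaining CAP_DAC_READ_SEARCH (which yields `r-x`) while giving up CAP_DAC_OVERRIDE. Unprivileged users are unaffected either way, since 0005 still grants them read and search through the other class.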