[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Lower Process Capabilities

Steve Grubb said the following on 08/13/2009 01:26 PM Pacific Time:
On Sunday 26 July 2009 07:32:36 pm Steve Grubb wrote:
What can be done is that we program the application to drop some of the
capabilities so that its not all powerful. There's just one flaw in this
plan. The directory for /bin is 0755 root root. So, even if we drop all
capabilities, the root acct can still trojan a system.

If we change the bin directory to 005, then root cannot write to that
directory unless it has the CAP_DAC_OVERRIDE capability. The idea with this
project is to not allow network facing or daemons have CAP_DAC_OVERRIDE,
but to only allow it from logins or su/sudo.

As discussed at the Fesco meeting last week, the lower process capabilities project is going to reduce the scope of this part of the proposal. At this point, we are going to tighten up perms on the directories in $PATH, /lib[64], /boot, and /root.

Can you update the feature page to reflect the reduced scope of the feature and its completion percentage? All I see since FESCo met was the change to the detailed description related to the permissions.

Thank you,

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]