Hopefully not a flamewar question...
Currently, the capabilities of a process are reset during the exec()
system call, at least the effective and permitted sets.

1) If the new uid != 0, all the caps are cleared, so it is not
possible to execute a program as non-root but still give it some
capabilities (like, say, CAP_NET_BIND_SERVICE).

2) If the new uid == 0, the effective and permitted sets are restored
to all-ones.

This is regardless of other settings, like prctl(KEEPCAPS), or
the current set of capabilities.

I partly understand why 2) is done - in case of a setuid binary being
executed, all the capabilities are set for it. But this breaks
executing non-setuid binaries too -- for example, it'd be very nice
to be able to chroot to some directory, and remove CAP_SYS_CHROOT
(and other evil caps like CAP_SYS_MODULE, CAP_SETPCAP) -- this way,
with minimal effort, chroot will work almost (yes, I understand
it's not entirely the same) the same as the BSD jail(2) concept.

So the question is: why are capability sets reinitialized during
exec()? At least in the 2.4 era, they weren't... and stuff like
execcap, sucaps etc. were working. Now they aren't anymore.
Thanks.
/mjt
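The capability sets the post is talking about can be inspected for any process through /proc/<pid>/status (the CapInh, CapPrm and CapEff lines), which is the quickest way to verify what a program actually holds after exec(). The following C program is an added example, not part of the original post or of the kernel source: it parses those lines, reads its own sets when run on Linux, and flags the caps the post singles out (CAP_SYS_CHROOT, CAP_SYS_MODULE, CAP_SETPCAP). The status text embedded in it is a constructed sample; the bit numbers are the Linux ABI values from include/uapi/linux/capability.h.

```c
/* Inspect Linux capability sets via /proc/<pid>/status.
 * Added example, not from the original LKML post. Runs unprivileged. */
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers from the Linux ABI (include/uapi/linux/capability.h). */
enum {
    CAP_SETPCAP_BIT          = 8,
    CAP_NET_BIND_SERVICE_BIT = 10,
    CAP_SYS_MODULE_BIT       = 16,
    CAP_SYS_CHROOT_BIT       = 18,
};

struct capsets {
    uint64_t inheritable, permitted, effective;
};

/* Constructed sample of what a root shell's status file looks like
 * (all 32 caps of that era permitted and effective, nothing inheritable). */
const char *const SAMPLE_STATUS =
    "Name:\tbash\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000ffffffff\n"
    "CapEff:\t00000000ffffffff\n";

/* Parse one "CapXxx:\t<hex mask>" line. Returns 1 and stores the mask
 * if the line starts with `key`, 0 otherwise. */
int parse_cap_line(const char *line, const char *key, uint64_t *out)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != ':')
        return 0;
    const char *p = line + klen + 1;
    while (*p == ' ' || *p == '\t')
        p++;
    char *end;
    uint64_t v = strtoull(p, &end, 16);
    if (end == p)
        return 0;
    *out = v;
    return 1;
}

/* Walk a whole status text line by line and fill the three sets.
 * Returns how many of the three lines were found (3 for a complete file). */
int parse_status(const char *text, struct capsets *cs)
{
    int found = 0;
    memset(cs, 0, sizeof *cs);
    const char *line = text;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256];
        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        found += parse_cap_line(buf, "CapInh", &cs->inheritable);
        found += parse_cap_line(buf, "CapPrm", &cs->permitted);
        found += parse_cap_line(buf, "CapEff", &cs->effective);
        if (!nl)
            break;
        line = nl + 1;
    }
    return found;
}

/* Test a single capability bit in a mask. */
int cap_is_set(uint64_t mask, int bit)
{
    return (int)((mask >> bit) & 1);
}

/* Subset of `mask` made of the caps the post wants dropped before chroot. */
uint64_t dangerous_caps(uint64_t mask)
{
    uint64_t want = (1ULL << CAP_SYS_CHROOT_BIT) |
                    (1ULL << CAP_SYS_MODULE_BIT) |
                    (1ULL << CAP_SETPCAP_BIT);
    return mask & want;
}

/* Read the calling process's own sets. Returns 0 on success, -1 if
 * /proc/self/status is unavailable (non-Linux) or incomplete. */
int read_own_caps(struct capsets *cs)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char text[8192];
    size_t n = fread(text, 1, sizeof text - 1, f);
    fclose(f);
    text[n] = '\0';
    return parse_status(text, cs) == 3 ? 0 : -1;
}

int main(void)
{
    struct capsets cs;
    const char *src = "/proc/self/status";
    if (read_own_caps(&cs) != 0) {
        src = "constructed sample";
        parse_status(SAMPLE_STATUS, &cs);
    }
    printf("[%s] CapInh=%016llx CapPrm=%016llx CapEff=%016llx\n", src,
           (unsigned long long)cs.inheritable,
           (unsigned long long)cs.permitted,
           (unsigned long long)cs.effective);
    printf("CAP_SYS_CHROOT effective: %d, dangerous caps in CapEff: %016llx\n",
           cap_is_set(cs.effective, CAP_SYS_CHROOT_BIT),
           (unsigned long long)dangerous_caps(cs.effective));
    return 0;
}
```

Compile it and run it as the program that a parent exec()s after changing uid or dropping caps; the printed sets show directly which of the behaviours 1) and 2) above applied.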