Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[email protected] wrote:
> If we heave the LSM stuff overboard, there's one thing that *will* need
> addressing - what to do with kernel support of Posix-y capabilities.  Currently
> some of the heavy lifting is done by security/commoncap.c.
>
> Frankly, that's *another* thing that we need to either *fix* so it works right,
> or rip out of the kernel entirely.  As far as I know, there's no in-tree way
> to make /usr/bin/ping be set-CAP_NET_RAW and have it DTRT.
>   
This has actually been one of the interesting developments in AppArmor.
I also had no use for POSIX.1e capabilities; I thought they were so
awkward as to be useless. That is, until we integrated capabilities into
AppArmor profiles.

Consider this profile for /bin/stty:

/bin/stty {
  #include <abstractions/base>

  capability sys_tty_config,

  /bin/stty r,
}

This policy basically allows stty to run, read its own text file, and
use the capability sys_tty_config. Even though it may run as root, this
profile confines it to *only* have sys_tty_config.

This gives the system administrator the ability to force applications to
"drop" privs even when the application developer didn't bother, or (as
was the case in a Sendmail vulnerability several years ago) the
application *tried* to drop privs and got it wrong, so was running as
full root anyway.

Capabilities are very easy and natural to use in an AppArmor system. And
they don't require any upstream filesystem support. SELinux provides
similar support for Capabilities, so they are worth keeping even without
upstream filesystem support.

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
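
An added example, not part of the original message and not AppArmor's own parser: a small audit helper that extracts the capability rules from profile text like the /bin/stty profile above and reports what each profile leaves usable, even for a root process. It assumes flat profiles (no nested hats) and does not expand #include lines; /usr/sbin/exampled is a hypothetical second profile.

```python
import re
# Constructed sample: the /bin/stty profile from the message plus a
# hypothetical /usr/sbin/exampled profile using the bare and deny forms.
SAMPLE = """\
/bin/stty {
  #include <abstractions/base>

  capability sys_tty_config,

  /bin/stty r,
}
/usr/sbin/exampled {
  capability,
  deny capability sys_module sys_rawio,
  /usr/sbin/exampled r,
}
"""

HEADER = re.compile(r"^\s*(?:profile\s+)?(\S+)[^{]*\{\s*$")
RULE = re.compile(r"^\s*(?:audit\s+)?(deny|allow)?\s*capability\b([^,#]*),")

def capability_rules(text):
    """Map profile name -> {"allow": set, "deny": set}; "*" is the bare rule."""
    profiles, current = {}, None
    for line in text.splitlines():
        if current is None:
            m = HEADER.match(line)
            if m:
                current = profiles.setdefault(m.group(1), {"allow": set(), "deny": set()})
        elif line.strip() == "}":
            current = None
        elif (m := RULE.match(line)):
            kind = "deny" if m.group(1) == "deny" else "allow"
            current[kind].update(m.group(2).split() or ["*"])
    return profiles

def review(text):
    """Summarise which capabilities each profile leaves usable, even for root."""
    report = {}
    for name, rules in capability_rules(text).items():
        if "*" in rules["allow"]:  # bare 'capability,' permits everything not denied
            denied = ",".join(sorted(rules["deny"]))
            report[name] = f"all except {denied}" if denied else "all"
        else:  # deny rules override allow rules
            report[name] = ",".join(sorted(rules["allow"] - rules["deny"])) or "none"
    return report

if __name__ == "__main__":
    print(review(SAMPLE))
```

A profile reported as "all" or "all except ..." is the one to look at first, since it does not narrow root's capabilities the way the stty profile does.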
