From: Michael Hilscher (vserver_at_michael-hilscher.de)
Date: Sat 04 Jan 2003 - 00:38:36 GMT
On Fri, Jan 03, 2003 at 04:59:01PM +0000, Paul Sladen wrote:
> > Can an attacker reach the root Server with those caps:
> > S_CAPS="CAP_SYS_RESOURCE CAP_NET_RAW"
> Override resource limits. Set resource limits.
> Override quota limits.
> Override reserved space on ext2 filesystem
> NOTE: ext2 honors fsuid when checking for resource overrides, so
> you can override using fsuid too
> Override size restrictions on IPC message queues
> Allow more than 64hz interrupts from the real-time clock
> Override max number of consoles on console allocation
> Override max number of keymaps
> Which of the above do you think you need--that is causing you to want to
> enable `CAP_SYS_RESOURCE'?
I'd like to run bind in a vserver. I think it's better to do that than
running bind in chroot on main server. Also I'm going to limit bind via
Systrace and start named as unprivileged user in chroot (and my
configuration disallows zone transfers and so on ,-)
I'm just a PHP, MySQL ... coder so I'm also not sure about the
Risks of: CAP_NET_RAW capability
* Allow use of RAW sockets
* Allow use of PACKET sockets
in use on customer vservers. Why is that cap deactivated by default?
Which risks come with that cap?
Thanks for your time!
-- Would Mozart have been more productive if he had scribes to help him, a secretary and a CEO to lead his way? -- Linus Torvalds
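Added example, not part of the original message: one way to check whether a process inside a vserver actually holds the two capabilities asked about, by decoding the Cap* masks from /proc/<pid>/status. The bit numbers are those in <linux/capability.h>; the two status samples and the function names are constructed for illustration.

```python
import re

# Bit numbers as defined in <linux/capability.h> (subset relevant to this thread).
CAP_BITS = {
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_RAW": 13,
    "CAP_SYS_CHROOT": 18,
    "CAP_SYS_RESOURCE": 24,
}

# Constructed sample: root shell in a vserver whose capability set includes
# the two caps from S_CAPS="CAP_SYS_RESOURCE CAP_NET_RAW".
SAMPLE_ROOT_SHELL = "Name:\tbash\nUid:\t0\t0\t0\t0\n" \
    "CapInh:\t00000000\nCapPrm:\t01042400\nCapEff:\t01042400\n"

# Constructed sample: named after it has dropped to an unprivileged user,
# keeping only CAP_NET_BIND_SERVICE in its permitted set.
SAMPLE_NAMED = "Name:\tnamed\nUid:\t25\t25\t25\t25\n" \
    "CapInh:\t00000000\nCapPrm:\t00000400\nCapEff:\t00000000\n"

def parse_cap_masks(status_text):
    """Return {'CapInh': int, 'CapPrm': int, 'CapEff': int} from status text."""
    masks = {}
    for line in status_text.splitlines():
        m = re.match(r"(Cap(?:Inh|Prm|Eff)):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks

def held(mask, cap):
    """True if the bit for the named capability is set in the mask."""
    return bool(mask >> CAP_BITS[cap] & 1)

def audit(status_text, watched=("CAP_SYS_RESOURCE", "CAP_NET_RAW")):
    """For each Cap* set, list which watched capabilities the process holds."""
    masks = parse_cap_masks(status_text)
    if "CapEff" not in masks:
        raise ValueError("no CapEff line found; not a /proc/<pid>/status dump?")
    return {field: [c for c in watched if held(mask, c)]
            for field, mask in masks.items()}

if __name__ == "__main__":
    for label, text in (("root shell", SAMPLE_ROOT_SHELL), ("named", SAMPLE_NAMED)):
        print(label, audit(text))
```

On a live system, pass the contents of /proc/<pid>/status for the process of interest instead of the samples.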