From: Andrew Morgan (morgan_at_transmeta.com)
Date: Tue 13 Jan 2004 - 01:33:02 GMT
Linas Vepstas wrote:
> On Tue, Nov 11, 2003 at 02:46:52PM -0800, Andrew Morgan was heard to remark:
> 
>>This is the most recent incarnation of the full capability support.
>>
>>http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/
>>
>>The big picture thing is that we put capabilities into the 'official' 
>>kernel before having filesystem support for them. What resulted was a 
>>free-for-all of 'cool' hacks that really messed up the underlying 
>>security model.
>>
>>In the filesystem based model, you grant 'available' capabilities based 
>>on how the inode of the program interacts with the 'exec'ing process. In 
>>the implemented hacked-kernel code, you give a privileged process 
>>everything so you can be legacy compatible with setuid-0 programs.
>>
>>The problems you discuss above result. There are some more hacks based 
>>on bounding sets and the default inheritable set that you can get init 
>>to initiate before it starts fork()ing children, but they are hacks, and 
>>as such are likely to have problems of their own: not least that 
>>programs are designed to assume that 'if I am root, setuid() will always 
>>work so I won't bother checking all the [fr]uid values do what I 
>>expect', and witness an exploit for things like sendmail of two years ago.
>>
>>The code discussed here:
>>
>>http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4-fcap/README
>>
>>got the whole thing basically right - even legacy support. Modulo bugs 
>>(obviously) and further development that never happened (obviously).
> 
> 
> OK, 
> 
> I see that the latest patch is mostly about associating capability bits with
> file-system attrs. It's against kernel 2.4.3 and appears not to be
> in Marcelo-2.4.22. What happened? Linus not like it? Never formally
> submitted to him (because the patch was too green)? Somebody told you
> to use the LSM framework, and never got around to it? selinux and/or rsbac
> provide a better security model?
All of the above happened.
But the important part was that I got way too busy with my paying job 
and growing family, and stopped working on it. [Witness, I filter all of 
my mail into work/not-work and it took 2 months for me to read this one..!]
Cheers
Andrew
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
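The contrast drawn in the quoted message, capabilities granted from the program's inode versus "give a uid-0 process everything" for legacy setuid-root compatibility, as an added C example that is not code from the kernel-2.4-fcap patch or from anyone in this thread. It models the exec-time capability computation with the POSIX.1e-style formula documented in capabilities(7); the patch's exact legacy rule is not on the page, so the setuid-0 emulation branch and the `root_before`/`root_after` flags are assumptions, and the bit constants are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed bit constants; bit numbers match CAP_SETUID (7) and
 * CAP_NET_BIND_SERVICE (10) in <linux/capability.h>. */
#define CAP_BIT(n)        (UINT64_C(1) << (n))
#define CAP_SETUID_BIT    CAP_BIT(7)
#define CAP_NET_BIND_BIT  CAP_BIT(10)
#define CAP_ALL           (CAP_BIT(34) - 1)

/* Capability sets of the exec'ing process. */
struct caps { uint64_t permitted, inheritable, effective, bounding; };
/* Capability attribute on the program's inode (absent on a legacy setuid-0 binary). */
struct fcaps { bool present; uint64_t permitted, inheritable; bool effective; };

/* Capability sets after exec. With an attribute present, the inode decides what
 * is made available (the capabilities(7) formula):
 *   P'(permitted)   = (P(inheritable) & F(inheritable)) | (F(permitted) & P(bounding))
 *   P'(effective)   = F(effective) ? P'(permitted) : 0
 *   P'(inheritable) = P(inheritable)
 * Without one, the legacy setuid-0 emulation the message criticises applies
 * (assumed rule): a process that is root, or becomes root via a setuid-root
 * file, is treated as if the inode granted every capability, and only the
 * bounding set can trim the result. */
struct caps caps_on_exec(struct caps p, struct fcaps f, bool root_before, bool root_after)
{
    if (!f.present) {
        f.inheritable = (root_before || root_after) ? CAP_ALL : 0;
        f.permitted   = f.inheritable;
        f.effective   = root_after;
    }
    struct caps n = { 0 };
    n.bounding    = p.bounding;
    n.inheritable = p.inheritable;
    n.permitted   = (p.inheritable & f.inheritable) | (f.permitted & p.bounding);
    n.effective   = f.effective ? n.permitted : 0;
    return n;
}

int main(void)
{
    struct caps unpriv = { 0, 0, 0, CAP_ALL };              /* ordinary user process */
    struct fcaps fs = { true, CAP_NET_BIND_BIT, 0, true };  /* daemon with fs attribute */
    struct fcaps legacy = { false, 0, 0, false };           /* same daemon, setuid-root */
    printf("fs-caps effective=%#llx\n",
           (unsigned long long)caps_on_exec(unpriv, fs, false, false).effective);
    printf("setuid-root effective=%#llx\n",
           (unsigned long long)caps_on_exec(unpriv, legacy, false, true).effective);
    return 0;
}
```

The first run ends with only CAP_NET_BIND_SERVICE, the second with every bit, which is the legacy free-for-all the message describes; removing CAP_SETUID from the bounding set is the kind of init-time hack it mentions, and it only trims the legacy result.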