Mailinglist Archive: opensuse-features (244 mails)
[openFATE 307254] Use POSIX capabilities instead of suid
- From: fate_noreply@xxxxxxx
- Date: Thu, 28 Oct 2010 13:20:58 +0200 (CEST)
- Message-id: <feature-307254-11@xxxxxxxxxxxxxx>
Feature changed by: Ludwig Nussel (lnussel)
Feature #307254, revision 11
Title: Use POSIX capabilities instead of suid
openSUSE-11.3: Unconfirmed
Priority
Requester: Neutral
Requested by: Pascal Bleser (pbleser)
Developer: (Novell)
Developer: (Novell)
Description:
Use POSIX file capabilities instead of suid processes and running e.g.
Apache as root:
* http://www.nuxified.org/blog/dear-distributors
* http://www.friedhoff.org/posixfilecaps.html
* https://www.redhat.com/archives/fedora-devel-list/2009-July/msg01568.html
Discussion:
#1: Jan Engelhardt (jengelh) (2009-08-09 14:21:02)
Some tools like tar(1) do not even support recording Xattrs/ACLs (yet
people still use that for backups), and Filesystem Capabilities (not
POSIX capabilities) would not be recorded either. Such should really be
addressed first, more or less.
#2: Pascal Bleser (pbleser) (2009-08-10 01:30:22) (reply to #1)
No question, it's a mid term objective. And not exactly trivial to
solve either.
I posted this feature rather as a reminder that that enhancement
exists, and that Fedora is trying to get it implemented. Just to keep
an eye on it ;)
#3: Cristian Rodríguez (elvigia) (2010-10-05 20:45:55)
I have enabled support for file capabilities in rpm using the %caps()
macro in Factory.
However, having it enabled in rpm is not that useful as the actual
feature has to be activated manually by the user booting with
file_caps=1. Does anyone know the reason why it isn't enabled by
default?
#4: Ludwig Nussel (lnussel) (2010-10-11 09:59:23)
Before we can use fscaps in packages...
1) we need a mechanism that handles fscaps similar to /etc/permissions
2) we need an rpmlint check
3) binaries need to be audited whether they are suitable for fscaps
use, just like setuid binaries
+ #5: Ludwig Nussel (lnussel) (2010-10-28 13:20:50)
+ Are we absolutely sure that 11.4 does support file capabilities by
+ default?
+ I wonder whether to implement a runtime switchable way between
+ traditional suid binaries and fscaps.
+ Also what about runtime upgrades to the new distro? In that case the
+ old kernel without fscaps is running but we would install binaries that
+ rely on fscaps, i.e. the system wouldn't work properly until reboot.
--
openSUSE Feature:
https://features.opensuse.org/307254
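Comment #4 lists an rpmlint check and an audit of which binaries are suitable for fscaps as prerequisites, and comment #3 notes that rpm's %caps() macro puts the capability xattr on the installed file. As an added example that is not part of this mail, of rpmlint or of any openSUSE tool, the Python below decodes the kernel's on-disk layout of the security.capability xattr (struct vfs_cap_data, revisions 1 to 3, as declared in linux/capability.h) and runs a small rpmlint-style audit over a constructed inventory of binaries. The ROOT_EQUIVALENT policy list, the inventory paths and their xattr values are this example's own assumptions, not kernel or distribution definitions.

```python
"""Decode security.capability xattrs and audit binaries rpmlint-style (added example)."""
import struct

# Capability numbers from linux/capability.h; list index == CAP_* value.
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner", "cap_fsetid",
    "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap", "cap_linux_immutable",
    "cap_net_bind_service", "cap_net_broadcast", "cap_net_admin", "cap_net_raw",
    "cap_ipc_lock", "cap_ipc_owner", "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot",
    "cap_sys_ptrace", "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod", "cap_lease",
    "cap_audit_write", "cap_audit_control", "cap_setfcap", "cap_mac_override",
    "cap_mac_admin", "cap_syslog", "cap_wake_alarm", "cap_block_suspend", "cap_audit_read",
    "cap_perfmon", "cap_bpf", "cap_checkpoint_restore",
]
CAP_BIT = {name: 1 << i for i, name in enumerate(CAP_NAMES)}

# struct vfs_cap_data: __le32 magic_etc, then 1 (rev 1) or 2 (rev 2/3) pairs of
# __le32 {permitted, inheritable}; revision 3 appends a __le32 rootid.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
REV_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}

# Policy of this example only (assumption): capabilities that are trivially
# root-equivalent, so granting them buys nothing over a setuid-root binary.
ROOT_EQUIVALENT = {
    "cap_sys_admin", "cap_dac_override", "cap_dac_read_search", "cap_fowner", "cap_chown",
    "cap_setuid", "cap_setgid", "cap_setpcap", "cap_setfcap", "cap_sys_module",
    "cap_sys_rawio", "cap_sys_ptrace", "cap_mknod",
}


def _names(mask):
    return {n for n, bit in CAP_BIT.items() if mask & bit}


def decode_vfs_cap(blob):
    """Parse a raw security.capability value into named capability sets."""
    if len(blob) < 4:
        raise ValueError("xattr too short")
    (magic_etc,) = struct.unpack_from("<I", blob, 0)
    rev = magic_etc & VFS_CAP_REVISION_MASK
    if rev not in REV_WORDS:
        raise ValueError("unknown vfs_cap_data revision 0x%08x" % rev)
    words = REV_WORDS[rev]
    need = 4 + 8 * words + (4 if rev == 0x03000000 else 0)
    if len(blob) != need:
        raise ValueError("revision %d needs %d bytes, got %d" % (rev >> 24, need, len(blob)))
    body = struct.unpack_from("<%dI" % (2 * words), blob, 4)
    permitted = inheritable = 0
    for i in range(words):          # word 0 holds caps 0..31, word 1 caps 32..63
        permitted |= body[2 * i] << (32 * i)
        inheritable |= body[2 * i + 1] << (32 * i)
    rootid = struct.unpack_from("<I", blob, 4 + 8 * words)[0] if rev == 0x03000000 else 0
    return {
        "revision": rev >> 24,
        "permitted": _names(permitted),
        "inheritable": _names(inheritable),
        # File caps carry one "effective" flag: at exec the whole permitted
        # set is raised into the effective set (the "e" in setcap's "=ep").
        "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE),
        "rootid": rootid,
    }


def encode_vfs_cap(permitted, inheritable=(), effective=True, rootid=None):
    """Build the value setcap(8) writes (revision 2, or 3 when a rootid is given)."""
    p = sum(CAP_BIT[n] for n in permitted)
    i = sum(CAP_BIT[n] for n in inheritable)
    rev = 0x03000000 if rootid is not None else 0x02000000
    magic = rev | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0)
    out = struct.pack("<IIIII", magic, p & 0xFFFFFFFF, i & 0xFFFFFFFF, p >> 32, i >> 32)
    if rootid is not None:
        out += struct.pack("<I", rootid)
    return out


def audit_binary(mode, xattr):
    """rpmlint-style check of one file: st_mode permission bits plus the raw
    security.capability value (None if absent). An empty list means it passes."""
    findings = []
    caps = decode_vfs_cap(xattr) if xattr else None
    setid = bool(mode & 0o6000)
    if setid and not caps:
        findings.append("setuid/setgid without file caps: candidate for conversion")
    if setid and caps:
        findings.append("both setuid/setgid and file caps: pick one mechanism")
    if caps:
        bad = (caps["permitted"] | caps["inheritable"]) & ROOT_EQUIVALENT
        if bad:
            findings.append("root-equivalent caps: " + ", ".join(sorted(bad)))
    if (setid or caps) and mode & 0o022:
        findings.append("privileged file is group/world-writable")
    return findings


# Constructed inventory: paths and xattr values invented for this example.
SAMPLE_INVENTORY = [
    ("/bin/ping", 0o755, encode_vfs_cap({"cap_net_raw"})),
    ("/usr/bin/passwd", 0o4755, None),
    ("/usr/bin/both-suid-and-caps", 0o4755, encode_vfs_cap({"cap_net_raw"})),
    ("/usr/sbin/admin-tool", 0o755, encode_vfs_cap({"cap_sys_admin", "cap_net_admin"})),
]


def audit_inventory(inventory=SAMPLE_INVENTORY):
    return {path: audit_binary(mode, xattr) for path, mode, xattr in inventory}


if __name__ == "__main__":
    for path, findings in audit_inventory().items():
        print(path, "OK" if not findings else "; ".join(findings))
```

On a real system the raw value comes from `getfattr -n security.capability -e hex <file>`; the 20-byte value 0x0100000200200000000000000000000000000000 that ping carries when set to cap_net_raw=ep decodes to revision 2, permitted {cap_net_raw}, effective flag set. A package-level check would walk the installed files the same way and compare against a whitelist, which is what the /etc/permissions-like mechanism in comment #4 would have to provide.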