[opensuse] Re: linux capabilities (was: Should openSUSE review its Security Policies?)
Roger Oberholtzer wrote:
On Thu, 2012-03-01 at 19:53 +0000, Jim Henderson wrote:
On Thu, 01 Mar 2012 14:52:43 +0100, Per Jessen wrote:
Well, maybe start with "man capabilities". I think that is where I saw CAP_NET_BROADCAST mentioned. I have never played with any of this, but my understanding is that you can manage various capabilities on a per-process or per-user basis. I'm grasping at straws, but I'm sure somebody here will have an actual understanding of this.
From what I understand, kernel capabilities are disabled selectively - you start a program as root and it has access to everything, and then the program (perhaps also an external process can do this - that I don't know) disables what the program shouldn't be allowed to do.
The kernel does this. If the UID is 0 (root) some set of permissions is enabled. If not 0 (not running as root) a different default set is enabled. The 'capabilities' mechanism allows extension of what non-0 UID apps can do. The permissions, it seems, are stored in the file system along with the executable (see 'man capabilities'). So, I would imagine it requires either a specific file system, or that additional file system options be enabled. The man page is rather vague.
I think it requires extended attributes, that's all. This has a good explanation (imo):

http://www.cis.syr.edu/~wedu/seed/Labs/Documentation/Linux/How_Linux_Capabil...

Thinking out loud: Maybe you could run your third-party broadcasters from a little wrapper that drops privileges & capabilities, except CAP_NET_BROADCAST? You'd still need root to begin with, but the actual software would then run unprivileged.

--
Per Jessen, Zürich (6.0°C)

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-03-02 at 08:33 +0100, Per Jessen wrote:
I think it requires extended attributes, that's all. This has a good explanation (imo):
http://www.cis.syr.edu/~wedu/seed/Labs/Documentation/Linux/How_Linux_Capabil...
Thinking out loud: Maybe you could run your third-party broadcasters from a little wrapper that drops privileges & capabilities, except CAP_NET_BROADCAST? You'd still need root to begin with, but the actual software would then run unprivileged.
That could be an option. The trick is to know all the privileges one now has that are not needed. To miss any would be sloppy. It would be useful to be able to set the privileges to a non-root level and then add the ones wanted.

Thanks for the link. Always something new to learn.

Yours sincerely,

Roger Oberholtzer

OPQ Systems / Ramböll RST
Office: Int +46 10-615 60 20
Mobile: Int +46 70-815 1696
roger.oberholtzer@ramboll.se
________________________________________
Ramböll Sverige AB
Krukmakargatan 21
P.O. Box 17009
SE-104 62 Stockholm, Sweden
www.rambollrst.se
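The wrapper Per sketches above, and the "start unprivileged, then add only what is wanted" approach Roger asks for, can both be done with the raw capability syscalls. The following is an added example written for this thread, not code posted by either participant: a small C launcher that starts as root, shrinks the bounding set to one capability, switches to an unprivileged uid/gid with PR_SET_KEEPCAPS so the permitted set survives, reduces every capability set to that one capability, raises it into the ambient set (Linux 4.3 or later) so it survives execve() into a binary that has no file capabilities, and then execs the third-party program. The kept capability is hardcoded to CAP_NET_BROADCAST to match the thread; the uid/gid and program come from the command line.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Fallbacks for older userspace headers; the values are the kernel ABI. */
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_RAISE 2
#endif
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif

/* Fill the two 32-bit capability words of the v3 capset ABI so that only
 * `cap` is set in the effective, permitted and inheritable sets.
 * Capabilities >= 32 live in the second word; getting that split wrong is
 * a classic bug, so this is kept as a separately testable function. */
void cap_data_for(int cap, struct __user_cap_data_struct d[2])
{
    memset(d, 0, 2 * sizeof(d[0]));
    unsigned int bit = 1u << (cap % 32);
    d[cap / 32].effective   = bit;
    d[cap / 32].permitted   = bit;
    d[cap / 32].inheritable = bit;
}

/* Raw capset(2) so the example has no libcap dependency. */
static int capset_raw(struct __user_cap_data_struct d[2])
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capset, &hdr, d);
}

/* Starting as root, end up as uid/gid holding exactly `cap` in every
 * capability set, including the ambient set, so that a following execve()
 * hands it to an unprivileged binary. Returns 0 on success, -1 with errno. */
int keep_only_cap(int cap, uid_t uid, gid_t gid)
{
    /* 1. Shrink the bounding set while CAP_SETPCAP is still held: anything
     *    dropped here can never be regained by this process or its children.
     *    PR_CAPBSET_READ fails with EINVAL past the last capability. */
    for (int c = 0; prctl(PR_CAPBSET_READ, c, 0, 0, 0) != -1; c++)
        if (c != cap && prctl(PR_CAPBSET_DROP, c, 0, 0, 0) == -1)
            return -1;
    /* 2. Without this the permitted set is cleared when the uid leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
        return -1;
    /* 3. Switch identity; supplementary groups and gid before the uid. */
    if (setgroups(0, NULL) == -1 || setresgid(gid, gid, gid) == -1 ||
        setresuid(uid, uid, uid) == -1)
        return -1;
    /* 4. Permitted survived, effective was cleared by the uid change.
     *    Reduce all three sets to just `cap`. */
    struct __user_cap_data_struct d[2];
    cap_data_for(cap, d);
    if (capset_raw(d) == -1)
        return -1;
    /* 5. Ambient raise requires `cap` in permitted and inheritable (step 4). */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) == -1)
        return -1;
    /* 6. Close the door to regaining privilege via setuid/file-cap binaries. */
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s UID GID PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
    if (keep_only_cap(CAP_NET_BROADCAST, uid, gid) == -1) {
        perror("keep_only_cap");
        return 1;
    }
    execvp(argv[3], argv + 3);
    perror("execvp");
    return 1;
}
```

Run it as root, e.g. `./wrapper 1000 1000 /path/to/broadcaster`, and check the result from inside the child with `grep Cap /proc/self/status` (CapEff, CapPrm, CapInh, CapBnd and CapAmb should all read 0000000000000800, bit 11). Two caveats a practitioner would want: capabilities(7) lists CAP_NET_BROADCAST as unused by the kernel, so for a program that only needs to send UDP broadcasts the honest answer may be that no capability at all is required once the socket is set up; and the alternative to a wrapper, matching Per's point about extended attributes, is to put the capability on the binary itself with `setcap cap_net_broadcast+ep /path/to/broadcaster` (stored in the `security.capability` xattr, visible with `getcap`), after which it can be started as an ordinary user without ever having root.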