From: andrewg@felinemenace.org
To: linux-kernel@vger.kernel.org
Subject: Capability problems in 2.6.1?
Date: Mon, 12 Jan 2004 01:48:19 -0800 [thread overview]
Message-ID: <20040112094819.GA25633@felinemenace.org> (raw)
Hello,
I seem to be having problems with getting capabilities to work
correctly under 2.6.1. This is the code I'm using to drop it with.
#define HIGHSEC (CAP_TO_MASK(CAP_FOWNER) | CAP_TO_MASK(CAP_LINUX_IMMUTABLE) |\
CAP_TO_MASK(CAP_NET_ADMIN) | CAP_TO_MASK(CAP_SYS_MODULE) |\
CAP_TO_MASK(CAP_SYS_RAWIO) | CAP_TO_MASK(CAP_SYS_PACCT) |\
CAP_TO_MASK(CAP_SYS_ADMIN) | CAP_TO_MASK(CAP_SYS_BOOT) |\
CAP_TO_MASK(CAP_SYS_TIME) | CAP_TO_MASK(CAP_NET_RAW) |\
CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | CAP_TO_MASK(CAP_IPC_OWNER) |\
CAP_TO_MASK(CAP_KILL) | CAP_TO_MASK(CAP_SETPCAP) |\
CAP_TO_MASK(CAP_NET_BROADCAST) | CAP_TO_MASK(CAP_SYS_CHROOT) |\
CAP_TO_MASK(CAP_SYS_PTRACE) | CAP_TO_MASK(CAP_SYS_NICE) |\
CAP_TO_MASK(CAP_SYS_RESOURCE) | CAP_TO_MASK(CAP_MKNOD))
if(current->pid != 1) {
printk(KERN_INFO "sys_chroot(%s): HIGHSEC mask: %08x, cap_permitted: %08x, cap_inheritable: %08x, cap_effective: %08x\n", filename, HIGHSEC, current->cap_permitted, current->cap_inheritable, current->cap_effective);
current->cap_permitted = cap_drop(current->cap_permitted, HIGHSEC);
current->cap_inheritable = cap_drop(current->cap_inheritable, HIGHSEC);
current->cap_effective = cap_drop(current->cap_effective, HIGHSEC);
printk(KERN_INFO "sys_chroot(%s): HIGHSEC mask: %08x, cap_permitted: %08x, cap_inheritable: %08x, cap_effective: %08x\n", filename, HIGHSEC, current->cap_permitted, current->cap_inheritable, current->cap_effective);
}
To test, I chroot a process, and check the /proc/self/status flag, and attempt
mounting/dismounting a filesystem (which should fail, since we are taking
CAP_SYS_ADMIN away.). I've tried various combinations of LSM selections, but
this doesn't seem to help. I edited capability.h to change the effective set
had SET_PCAP. (Yes, I realise I should set the allowed capabilities ;) not the
opposite)
My results:
CONFIG_SECURITY=n
Causes the chrooted process mask to be 0xffffffff, and operations are
performed fine.
CONFIG_SECURITY=y
Causes the chrooted process mask to be 0xf00044d7, and operations are
performed fine.
CONFIG_SECURITY=y && CONFIG_SECURITY_CAPABILITIES=m
When unloaded:
Causes the chrooted process mask to be 0xf00044d7, and
operations are preformed fine.
When loaded:
Causes the chrooted process mask to be 0xffffffff, and
operations are preformed fine.
When unloaded:
Causes the chrooted process mask to be 0xf00044d7, and
operations are preformed fine. (I made sure capability and
common cap where removed.)
When just commoncap is loaded:
Causes the chrooted process mask to be 0xf00044d7, and
operations are preformed fine.
CONFIG_SECURITY=y && CONFIG_SECURITY_CAPABILITIES=y
Causes the chrooted process mask to be 0xffffffff, and operations are
performed fine.
It also appears securebits.h has something to do with the whole thing as well,
but I don't know. If I've missed something that causes capabilities to work in
the 2.4 (or how I remember :/) series, I'd appreciate it if anyone could
point it out.
Otherwise, does it look like this is a bug, and possibly a bad one since
people could/would assume it would work the same as 2.4, and there previously
capability restricted binds and wu-ftpds are now open?
Thanks in advance,
Andrew Griffiths
P.S I'm not subscribed, but I'd appreciate it if you could cc me in any replies,
thanks.
next reply other threads:[~2004-01-13 1:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-01-12 9:48 andrewg [this message]
2004-01-14 0:17 ` Capability problems in 2.6.1? Chris Wright
2004-01-14 4:08 ` andrewg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040112094819.GA25633@felinemenace.org \
--to=andrewg@felinemenace.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).