
statoverride and capabilities



I suggest to add fs capability support to statoverride.

(The fs capability set is a bit mask of capabilities that root can
specify for an executable, which will then automatically get these
capabilities, regardless of who runs them - somewhat like a broken-up
suid-root.)

At the moment no Linux filesystem I know supports capabilities, but
there are kernel patches[1] for somewhat limited (non-persistent)
support. Hopefully soon, ext2 & co will get capabilities - if we plan
ahead we will be ready.

Details:

* packages should start registering with capabilities. e.g.:

statoverride --add root root 4755 /bin/ping cap_net_raw

with the limitation that (for now) only suid-root programs may list
capabilities. The assumption is that the program will only need the
named capabilities to run correctly, but has to be suid-root if these
are not supported.

* statoverride will save the information alongside the other stuff

* dpkg will try to set the given capabilities, and verify if they have
  been set.
  - If the verify succeeds, the filesystem understands capabilities,
    and the suid bit will be masked out of the mode.
  - Otherwise, the mode is left alone, resulting in the program being
    suid-root.

This should offer a smooth path to even less suid-root programs.

Footnotes: 
[1]  ftp://linux.kernel.org/pub/linux/libs/security/linux-privs/

-- 
Robbe
