From Fedora Project Wiki

No edit summary
 
(4 intermediate revisions by 3 users not shown)
Line 6: Line 6:
   - that the "normal" functionality of each patched daemon still works
   - that the "normal" functionality of each patched daemon still works
   - that a sysadmin logged in via e.g. ssh is still able to perform his/her "normal" activities
   - that a sysadmin logged in via e.g. ssh is still able to perform his/her "normal" activities
  - Does sudo still work as before? (see https://www.redhat.com/archives/fedora-devel-list/2009-August/msg00078.html )
  (etc) 


--[[User:Dmalcolm|Dmalcolm]] 14:40, 27 July 2009 (UTC) From a documentation point-of-view, is the following correct: Linux has long had per-process capabilities, allowing more fine-grained permissions for e.g. a process running as "root", but the API for using this has been awkward to use.  We're adding a new user-space library to make it much easier for a process to revoke capabilities for itself and its subprocesses, and patching various network-facing daemons to make use of it.  This should make it more difficult for an attacker to take full control of a system via a vulnerability in one of these daemons.  (In terms of layered defences, when do capabilities happen?  After regular unix permissions, but before SELinux??)
--[[User:Dmalcolm|Dmalcolm]] 14:40, 27 July 2009 (UTC) From a documentation point-of-view, is the following correct: Linux has long had per-process capabilities, allowing more fine-grained permissions for e.g. a process running as "root", but the API for using this has been awkward to use.  We're adding a new user-space library to make it much easier for a process to revoke capabilities for itself and its subprocesses, and patching various network-facing daemons to make use of it.  This should make it more difficult for an attacker to take full control of a system via a vulnerability in one of these daemons.  (In terms of layered defences, when do capabilities happen?  After regular unix permissions, but before SELinux??)
--[[User:sgrubb|sgrubb]] 16:40, 14 Aug 2009 (UTC)Updated testing section. Capabilities checks are performed in the syscall and generally before looking at any data from user space.
--[[User:Dkelson|Dkelson]] 20:10, 02 Oct 2009 (UTC) Regarding moving the /etc/resolv.conf file. The statement "should probably be a symlink" should be "must be a symlink for all eternity since there are 30+ years of documentation and accumulated communal knowledge ". Has there been any coordination with other distros? An overarching goal of Linux distro development should be to eliminate needless frivolous incompatibilities between distros. In other words, be different where you must while being the same wherever possible. Debian/Ubuntu uses [http://en.wikipedia.org/wiki/Resolvconf resolvconf] with symbolic link to /etc/resolvconf/run/resolv.conf. Just curious if LSB says anything about this?

Latest revision as of 20:36, 2 October 2009

Feature Wrangler Review

  • Please include a draft release note. Thank you. poelcat 16:11, 24 June 2009 (UTC)

Comments

--Dmalcolm 14:34, 27 July 2009 (UTC) "How to Test" section contains various things to test for to ensure that capabilities are suppressed for the various daemons, but I think it also needs two more sections:

 - that the "normal" functionality of each patched daemon still works
 - that a sysadmin logged in via e.g. ssh is still able to perform his/her "normal" activities
 - Does sudo still work as before? (see https://www.redhat.com/archives/fedora-devel-list/2009-August/msg00078.html )
 (etc)  

--Dmalcolm 14:40, 27 July 2009 (UTC) From a documentation point-of-view, is the following correct: Linux has long had per-process capabilities, allowing more fine-grained permissions for e.g. a process running as "root", but the API for using this has been awkward to use. We're adding a new user-space library to make it much easier for a process to revoke capabilities for itself and its subprocesses, and patching various network-facing daemons to make use of it. This should make it more difficult for an attacker to take full control of a system via a vulnerability in one of these daemons. (In terms of layered defences, when do capabilities happen? After regular unix permissions, but before SELinux??)

--sgrubb 16:40, 14 Aug 2009 (UTC)Updated testing section. Capabilities checks are performed in the syscall and generally before looking at any data from user space.

--Dkelson 20:10, 02 Oct 2009 (UTC) Regarding moving the /etc/resolv.conf file. The statement "should probably be a symlink" should be "must be a symlink for all eternity since there are 30+ years of documentation and accumulated communal knowledge ". Has there been any coordination with other distros? An overarching goal of Linux distro development should be to eliminate needless frivolous incompatibilities between distros. In other words, be different where you must while being the same wherever possible. Debian/Ubuntu uses resolvconf with symbolic link to /etc/resolvconf/run/resolv.conf. Just curious if LSB says anything about this?