From Fedora Project Wiki

Line 6: Line 6:
   - that the "normal" functionality of each patched daemon still works
   - that the "normal" functionality of each patched daemon still works
   - that a sysadmin logged in via e.g. ssh is still able to perform his/her "normal" activities
   - that a sysadmin logged in via e.g. ssh is still able to perform his/her "normal" activities
  - Does sudo still work as before? (see https://www.redhat.com/archives/fedora-devel-list/2009-August/msg00078.html )
  (etc) 


--[[User:Dmalcolm|Dmalcolm]] 14:40, 27 July 2009 (UTC) From a documentation point-of-view, is the following correct: Linux has long had per-process capabilities, allowing more fine-grained permissions for e.g. a process running as "root", but the API for using this has been awkward to use.  We're adding a new user-space library to make it much easier for a process to revoke capabilities for itself and its subprocesses, and patching various network-facing daemons to make use of it.  This should make it more difficult for an attacker to take full control of a system via a vulnerability in one of these daemons.  (In terms of layered defences, when do capabilities happen?  After regular unix permissions, but before SELinux??)
--[[User:Dmalcolm|Dmalcolm]] 14:40, 27 July 2009 (UTC) From a documentation point-of-view, is the following correct: Linux has long had per-process capabilities, allowing more fine-grained permissions for e.g. a process running as "root", but the API for using this has been awkward to use.  We're adding a new user-space library to make it much easier for a process to revoke capabilities for itself and its subprocesses, and patching various network-facing daemons to make use of it.  This should make it more difficult for an attacker to take full control of a system via a vulnerability in one of these daemons.  (In terms of layered defences, when do capabilities happen?  After regular unix permissions, but before SELinux??)

Revision as of 14:19, 14 August 2009

Feature Wrangler Review

  • Please include a draft release note. Thank you. poelcat 16:11, 24 June 2009 (UTC)

Comments

--Dmalcolm 14:34, 27 July 2009 (UTC) "How to Test" section contains various things to test for to ensure that capabilities are suppressed for the various daemons, but I think it also needs two more sections:

 - that the "normal" functionality of each patched daemon still works
 - that a sysadmin logged in via e.g. ssh is still able to perform his/her "normal" activities
 - Does sudo still work as before? (see https://www.redhat.com/archives/fedora-devel-list/2009-August/msg00078.html )
 (etc)  

--Dmalcolm 14:40, 27 July 2009 (UTC) From a documentation point-of-view, is the following correct: Linux has long had per-process capabilities, allowing more fine-grained permissions for e.g. a process running as "root", but the API for using this has been awkward to use. We're adding a new user-space library to make it much easier for a process to revoke capabilities for itself and its subprocesses, and patching various network-facing daemons to make use of it. This should make it more difficult for an attacker to take full control of a system via a vulnerability in one of these daemons. (In terms of layered defences, when do capabilities happen? After regular unix permissions, but before SELinux??)