From Fedora Project Wiki

Revision as of 17:40, 14 August 2009

Feature Wrangler Review

  • Please include a draft release note. Thank you. poelcat 16:11, 24 June 2009 (UTC)

Comments

--Dmalcolm 14:34, 27 July 2009 (UTC) "How to Test" section contains various things to test for to ensure that capabilities are suppressed for the various daemons, but I think it also needs two more sections:

 - that the "normal" functionality of each patched daemon still works
 - that a sysadmin logged in via e.g. ssh is still able to perform his/her "normal" activities
 - Does sudo still work as before? (see https://www.redhat.com/archives/fedora-devel-list/2009-August/msg00078.html )
 (etc)

--Dmalcolm 14:40, 27 July 2009 (UTC) From a documentation point-of-view, is the following correct: Linux has long had per-process capabilities, allowing more fine-grained permissions for e.g. a process running as "root", but the API for using this has been awkward to use. We're adding a new user-space library to make it much easier for a process to revoke capabilities for itself and its subprocesses, and patching various network-facing daemons to make use of it. This should make it more difficult for an attacker to take full control of a system via a vulnerability in one of these daemons. (In terms of layered defences, when do capabilities happen? After regular unix permissions, but before SELinux??)
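One way to verify, from the outside, that a patched daemon has actually revoked its capabilities (the check the "How to Test" thread above asks for, and an illustration of the per-process capability sets the comment describes) is to read the Cap* lines of /proc/<pid>/status and decode the CapEff bitmask. The script below is an added example, not code from the feature page or from the library being discussed; the bit numbers are those of linux/capability.h, and the two status texts are constructed samples standing in for a daemon that kept only CAP_NET_BIND_SERVICE and for an unpatched daemon running as full root.

```python
"""Decode the capability masks in /proc/<pid>/status and report any
effective capability a daemon was expected to have dropped.
Added example: sample status texts are constructed, not captured."""
import re

# Bit positions from linux/capability.h (bit N <-> CAP_NAMES[N]).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# The capability sets the kernel reports per process.
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

_CAP_LINE = re.compile(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$")


def decode_caps(hexmask):
    """Turn a hex mask such as '0000000000000400' into a set of names.
    Bits newer than this table are reported as CAP_<bit>."""
    mask = int(hexmask, 16)
    names = set()
    for bit in range(mask.bit_length()):
        if (mask >> bit) & 1:
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
    return names


def parse_status(text):
    """Map each Cap* field found in a /proc/<pid>/status text to its names."""
    masks = {}
    for line in text.splitlines():
        m = _CAP_LINE.match(line)
        if m and m.group(1) in CAP_FIELDS:
            masks[m.group(1)] = decode_caps(m.group(2))
    return masks


def unexpected_caps(status_text, allowed):
    """Effective capabilities present that are not in the allowed list,
    i.e. the ones the daemon should have revoked."""
    effective = parse_status(status_text).get("CapEff", set())
    return sorted(effective - set(allowed))


def read_proc_status(pid):
    """Read the live status of a process (Linux only)."""
    with open(f"/proc/{pid}/status") as fh:
        return fh.read()


# Constructed sample: a daemon that kept only CAP_NET_BIND_SERVICE (bit 10).
SAMPLE_DROPPED = (
    "Name:\texampled\nPid:\t1234\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\nCapBnd:\t0000000000000400\n"
)
# Constructed sample: an unpatched daemon holding every capability, bits 0-37.
SAMPLE_FULL_ROOT = (
    "Name:\texampled\nPid:\t1235\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"
)

if __name__ == "__main__":
    import sys
    # Usage: python check_caps.py <pid> [CAP_NAME ...]; defaults to the samples.
    if len(sys.argv) > 1:
        text, allowed = read_proc_status(sys.argv[1]), sys.argv[2:]
    else:
        text, allowed = SAMPLE_FULL_ROOT, ["CAP_NET_BIND_SERVICE"]
    leftovers = unexpected_caps(text, allowed)
    print("capabilities still effective but not allowed:", leftovers or "none")
```

Run against a real process as `python check_caps.py <pid> CAP_NET_BIND_SERVICE` after the daemon has finished its startup and privilege drop; CapEff is what the kernel actually consults on a syscall, while CapPrm and CapBnd show what the process could regain, so a thorough test compares all three against the expected set.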

--sgrubb 16:40, 14 Aug 2009 (UTC) Updated testing section. Capabilities checks are performed in the syscall and generally before looking at any data from user space.