Lower Process Capabilities
John Poelstra
poelstra at redhat.com
Thu Aug 13 21:53:37 UTC 2009
Steve Grubb said the following on 08/13/2009 01:26 PM Pacific Time:
> On Sunday 26 July 2009 07:32:36 pm Steve Grubb wrote:
>> What can be done is that we program the application to drop some of the
>> capabilities so that it's not all powerful. There's just one flaw in this
>> plan. The directory for /bin is 0755 root root. So, even if we drop all
>> capabilities, the root acct can still trojan a system.
>>
>> If we change the bin directory to 005, then root cannot write to that
>> directory unless it has the CAP_DAC_OVERRIDE capability. The idea with this
>> project is to not allow network-facing programs or daemons to have
>> CAP_DAC_OVERRIDE, but to only allow it from logins or su/sudo.
>
> As discussed at the Fesco meeting last week, the lower process capabilities
> project is going to reduce the scope of this part of the proposal. At this
> point, we are going to tighten up perms on the directories in $PATH, /lib[64],
> /boot, and /root.
>
Can you update the feature page to reflect the reduced scope of the
feature and its completion percentage? All I see since FESCo met was
the change to the detailed description related to the permissions.
Thank you,
John
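The reduced-scope proposal quoted above amounts to a concrete, checkable state: the directories in $PATH, /lib[64], /boot and /root should carry no write bits, so that a root process which has dropped CAP_DAC_OVERRIDE cannot modify them. The script below is an added example for this thread, not code from the feature page or from Red Hat; it audits that state. It assumes GNU `stat -c '%a'` (with a BSD `stat -f '%Lp'` fallback) and uses the directory list from the quoted message; the function names are its own.

```shell
#!/bin/sh
# Added example: audit the directories the lower-process-capabilities
# proposal covers and report any that still have a write bit set.
# Assumes GNU stat (-c) or BSD stat (-f); directory list is the one
# named in the thread: $PATH entries, /lib, /lib64, /boot, /root.

# Print a directory's permission bits in octal (e.g. 755, 555, 1777).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed (exit 0) when the octal mode has any write bit (owner, group
# or other) set; the low three digits are masked with 0222.
mode_is_writable() {
    [ $(( 0$1 & 0222 )) -ne 0 ]
}

# Emit the directories in scope: every non-empty $PATH entry plus the
# fixed set from the proposal. Nonexistent paths are filtered later.
scope_dirs() {
    oldifs=$IFS
    IFS=:
    for p in $PATH; do
        [ -n "$p" ] && printf '%s\n' "$p"
    done
    IFS=$oldifs
    for d in /lib /lib64 /boot /root; do
        printf '%s\n' "$d"
    done
}

# For each existing directory argument, print "<mode> <dir>" when a
# write bit is set. Directories already at 0555-style modes are silent.
writable_dirs() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        mode=$(dir_mode "$d")
        if mode_is_writable "$mode"; then
            printf '%s %s\n' "$mode" "$d"
        fi
    done
}

# Count of argument directories that still carry a write bit.
count_writable() {
    writable_dirs "$@" | wc -l | tr -d ' '
}

# Stand-alone use: audit the real system directories and exit non-zero
# when any of them would still be writable by a root process lacking
# CAP_DAC_OVERRIDE.
if [ "${AUDIT_RUN:-0}" = 1 ]; then
    # shellcheck disable=SC2046
    set -- $(scope_dirs)
    writable_dirs "$@"
    [ "$(count_writable "$@")" -eq 0 ]
fi
```

Run it with `AUDIT_RUN=1 sh audit.sh`; each line of output is a directory that the proposal would tighten. The check deliberately reads the mode bits rather than using `test -w`, because `-w` answers as the caller, and a root caller that still holds CAP_DAC_OVERRIDE would report every directory as writable. Once a directory is at 0555, the quoted claim can be confirmed from a root shell that has dropped the capability (for example with libcap's `capsh --drop=cap_dac_override --`): a write into that directory then fails with permission denied, while the same write from an ordinary root login still succeeds.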