Ethereal-dev: RE: [Ethereal-dev] new release?
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Richard Urwin <RUrwin@xxxxxxxxxxxxxx>
Date: Fri, 29 Aug 2003 13:01:16 +0100
> Haven't Linux POSIX capabilities been present in the kernel since 2.2?
> I have never used them personally, but have kind of wondered why nobody
> else has either.

After my third web trawl after this most elusive of topics -

It seems that Linux capabilities are in 2.4, are used throughout the kernel and are somewhat mature.

However...

There is no support for the equivalent of a setuid executable; only control on a process by process basis.

The library libcap [sic] recommended for using them hasn't been altered since 2.2, although it appears to be supported for use under 2.4.

It has to be part of Ethereal. It won't work as a launcher app, and you can't give the shell the right capability and then start Ethereal.

I now believe that Capabilities could be used by Ethereal under Linux and it would be quick and simple to implement and work on out-of-the-box distributions from 2.2.19 onward.

The Capabilities FAQ:
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt

Capabilities in 2.4:
http://www.linuxsecurity.com/feature_stories/kernel-24-security-printer.html

libcap under 2.4:
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/

The Capabilities man page, including the interim hack for non-existent file system support:
http://www.icewalkers.com/Linux/ManPages/capabilities-7.html

Capabilities widely used in the 2.4 kernel:
http://www.net-security.org/dl/articles/lsm-usenix.pdf

The famous "sendmail" exploit was fixed in 2.2.16:
http://www.securityfocus.com/archive/1/63959
...after the release of 2.4.0-test1:
http://www.securityfocus.com/archive/1/63960

More on Chris Evans' prctl() patch, a workaround for problems arising from fixes to the sendmail exploit and the init not starting with CAP_SETPCAP capability:
http://www.kerneltraffic.org/kernel-traffic/kt20000320_59.html
http://lkml.org/lkml/2001/3/19/13

http://www.aniota.com/securing/minimize-privileges.html is worth quoting in part:

"... unless other steps are taken, retaining a privilege using POSIX capabilities requires that the process continue to have the root user id. Because many important files (configuration files, binaries, and so on) are owned by root, an attacker controlling a program with such limited capabilities can still modify key system files and gain full root-level privilege. A Linux kernel extension (available in versions 2.4.X and 2.2.19+) provides a better way to limit the available privileges: a program can start as root (with all POSIX capabilities), prune its capabilities down to just what it needs, call prctl(PR_SET_KEEPCAPS,1), and then use setuid() to change to a non-root process. The PR_SET_KEEPCAPS setting marks a process so that when a process does a setuid to a nonzero value, the capabilities aren't cleared (normally they are cleared). This process setting is cleared on exec(). However, note that PR_SET_KEEPCAPS is a Linux-unique extension for newer versions of the linux kernel."

--
Richard Urwin, Private
"No 9000 series computer has ever made a mitsake or corrubiteddatatato."
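The sequence the quoted passage describes (prune, PR_SET_KEEPCAPS, setuid), as an added example that is not part of the original message or of Ethereal's code. It assumes a capture program needs only CAP_NET_RAW and CAP_NET_ADMIN and calls the capset() interface of current kernels directly rather than going through libcap; the function names and the uid/gid 65534 are made up for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption: packet capture needs only these two capabilities. */
#define CAPTURE_CAPS ((1ULL << CAP_NET_RAW) | (1ULL << CAP_NET_ADMIN))
/* Needed only until the uid/gid change has been made. */
#define SWITCH_CAPS  ((1ULL << CAP_SETUID) | (1ULL << CAP_SETGID))

/* Split a 64-bit capability mask into the two 32-bit words capset() takes. */
void fill_caps(uint64_t mask, struct __user_cap_data_struct d[2]) {
    memset(d, 0, 2 * sizeof d[0]);            /* inheritable stays empty */
    d[0].permitted = d[0].effective = (uint32_t)mask;
    d[1].permitted = d[1].effective = (uint32_t)(mask >> 32);
}

/* Set permitted = effective = mask for the calling process. */
int set_caps(uint64_t mask) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    fill_caps(mask, d);
    return (int)syscall(SYS_capset, &h, d);
}

/* Must start as root. Returns 0 on success, else the step that failed. */
int drop_root_keep_caps(uid_t uid, gid_t gid) {
    if (set_caps(CAPTURE_CAPS | SWITCH_CAPS) != 0) return 1;  /* prune */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return 2;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0) return 3;
    if (setuid(uid) != 0) return 4;
    /* KEEPCAPS preserved the permitted set, but the uid change cleared the
       effective set: raise it again, now without the setuid/setgid bits. */
    if (set_caps(CAPTURE_CAPS) != 0) return 5;
    if (setuid(0) == 0) return 6;             /* root must be unreachable */
    return 0;
}

int main(void) {
    int step = drop_root_keep_caps(65534, 65534);  /* constructed ids */
    if (step != 0) { fprintf(stderr, "failed at step %d\n", step); return 1; }
    puts("uid changed, capture capabilities retained");
    return 0;
}
```

Run as an unprivileged user it stops at step 1, because capset() cannot raise capabilities the process does not already hold.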