Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!
Pekka Pietikainen
pp at ee.oulu.fi
Thu Oct 28 08:14:08 UTC 2010
On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote:
> This feature is now approved and I see bugs get filed. The documentation and
> guidelines are very incomplete. How does one figure out which file
> capabilities are needed by the programs I maintain that currently use setuid?
> Help, please.
Probably: remove setuid bit, run, see what breaks. strace may be useful
[pp at the ~]$ strace ./rsh localhost 2>&1|grep EACCES
bind(3, {sa_family=AF_INET6, sin6_port=htons(1023), inet_pton(AF_INET6,
"::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EACCES
(Permission denied)
-> needs CAP_NET_BIND_SERVICE. It didn't seem to output any error to the
user, so the lacking permissions may be well-hidden.
https://wiki.archlinux.org/index.php/Using_File_Capabilities_Instead_Of_Setuid
seems to have a list btw., which may or may not be correct.
Do note that removing suid from some programs is a bad idea:
"Warning: Do not use it, because mount and umount can not do some checks,
then users can mount/umount filesystems that do not have permission."
(probably those checks could/should be implemented upstream, if they're not
already there)
So it's a feature that could introduce new vulnerabilities
if done wrong, but it's certainly worth doing, carefully. If uncertain,
ask.
More information about the devel
mailing list