RemoveSETUID feature (Was: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!)
Colin Walters
walters at verbum.org
Tue Dec 21 16:47:23 UTC 2010
Pardon the thread necromancy,
So recently I had cause to look at
http://fedoraproject.org/wiki/Features/RemoveSETUID
again (I was investigating the X server permissions for an unrelated reason).
Now, that page links to
http://people.redhat.com/sgrubb/libcap-ng/index.html
which attempts to explain the value of capabilities, etc. I was
following along on all of this, and I understand that capabilities
have some (non-negligible) value if you don't have e.g. cap_sys_admin.
But then I got to the point where it says:
"But they still have uid 0, which typical system installation allows
root to do things. For example, /bin/sh is 0755 and /bin is also 0755
perms. A disarmed root process can still trojan a system. But what if
we got rid of all the read/write permissions for root?"
So...right, "we can do these small changes, and then if we do this BIG
CHANGE, it all works!". But this feature doesn't include BIG CHANGE,
and there are no plans to, right? Or is chmod u-rwx g-rwx on the root
filesystem really in the cards?
Now,
https://fedoraproject.org/wiki/Features/LowerProcessCapabilities
appears to claim 100% completion on this for Fedora 12, but none (?)
of it happened?
More information about the devel
mailing list