Granting a capability to a service

Reindl Harald h.reindl at thelounge.net
Mon Jul 20 23:02:25 UTC 2015


On 20.07.2015 at 23:34, Steve Grubb wrote:
> On Monday, July 20, 2015 12:45:28 PM Andrew Lutomirski wrote:
>> On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>>> The real problem with capabilities is there is no way to say, I trust this
>>> child process with this capability, but don't let it get inherited beyond
>>> this process that I'm about to start.
>>
>> Why would you want to do that?
>
> Because you know exactly why the program needs a capability and it's not known
> to have children. Therefore any children must be because of an exploit. The
> way it is, capabilities are inherited and you can't stop it.

when you start a service like, let's say, a webserver and take away 
capabilities for security reasons, then you want *for sure* to have them 
also inherited for *any* scripting language calling whatever via system()

it's expected behavior that settings for a systemd-unit like 
capabilities or namespaces are inherited for *every* process of that 
service and not just for ExecStart itself, leaving children unprotected
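One way to verify the behaviour discussed above (that a reduced capability bounding set reaches every process of a service, including children spawned via system()) is to decode the CapBnd/CapEff masks from /proc/<pid>/status for each PID in the service's cgroup. The following checker is an added example written for this archive page, not code from the thread or from systemd; the cgroup v2 path `/sys/fs/cgroup/system.slice/<unit>/cgroup.procs` used by `service_statuses()` is an assumption about the host layout, and the embedded status texts are constructed sample data, not captured from a real system.

```python
"""Decode Linux capability masks from /proc/<pid>/status and flag any
process of a service whose bounding set is wider than the one the unit
is supposed to enforce (e.g. via CapabilityBoundingSet=)."""
import re

# Capability bit numbers as defined in <linux/capability.h>, index = bit.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

CAP_LINE = re.compile(r"^(CapInh|CapPrm|CapEff|CapBnd|CapAmb):\s*([0-9a-fA-F]+)")


def decode_mask(hex_mask):
    """Turn the hex mask printed in /proc/<pid>/status into capability names."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def parse_status(text):
    """Return {"CapInh": set(...), "CapBnd": set(...), ...} from a status file."""
    caps = {}
    for line in text.splitlines():
        m = CAP_LINE.match(line)
        if m:
            caps[m.group(1)] = decode_mask(m.group(2))
    return caps


def processes_outside_bounding_set(statuses, allowed):
    """statuses maps pid -> status text. Returns {pid: extra caps} for every
    process whose bounding set contains capabilities the unit should have
    removed; an empty dict means the restriction was inherited everywhere."""
    offenders = {}
    for pid, text in statuses.items():
        extra = parse_status(text).get("CapBnd", set()) - allowed
        if extra:
            offenders[pid] = extra
    return offenders


def service_statuses(unit):
    """Live helper (assumes a cgroup v2 unified hierarchy): collect the status
    text of every PID systemd tracks for the unit, children included."""
    procs = f"/sys/fs/cgroup/system.slice/{unit}/cgroup.procs"
    statuses = {}
    with open(procs) as fh:
        for pid in fh.read().split():
            with open(f"/proc/{pid}/status") as st:
                statuses[int(pid)] = st.read()
    return statuses


# Constructed sample: a webserver restricted to CAP_NET_BIND_SERVICE (bit 10,
# mask 0x400), a child it spawned via system() that inherited the same
# bounding set, and a third process that still carries the full set.
SAMPLE_STATUSES = {
    1001: "Name:\thttpd\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000400\n"
          "CapEff:\t0000000000000400\nCapBnd:\t0000000000000400\nCapAmb:\t0000000000000000\n",
    1002: "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
          "CapEff:\t0000000000000000\nCapBnd:\t0000000000000400\nCapAmb:\t0000000000000000\n",
    1003: "Name:\tstray\nCapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
          "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n",
}


def sample_check():
    """Run the checker over the constructed sample (used by the self-test)."""
    return processes_outside_bounding_set(SAMPLE_STATUSES, {"CAP_NET_BIND_SERVICE"})


if __name__ == "__main__":
    for pid, extra in sample_check().items():
        print(f"pid {pid} still has {len(extra)} capabilities outside the allowed set")
```

Against a real unit you would call `processes_outside_bounding_set(service_statuses("httpd.service"), allowed)`; an empty result confirms that the restriction applied to ExecStart was inherited by every child in the cgroup.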
