Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20101118185627.GE13854@outflux.net>
Date: Thu, 18 Nov 2010 10:56:27 -0800
From: Kees Cook <kees@...ntu.com>
To: Steve Grubb <sgrubb@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: filesystem capabilities

Hi Steve,

On Wed, Nov 10, 2010 at 02:55:47PM -0500, Steve Grubb wrote:
> drop all privs is a 2 liner:
> capng_clear(CAPNG_SELECT_CAPS);
> if (capng_apply(CAPNG_SELECT_CAPS))
> 	exit(0);
> 
> Not sure anything that small needs a library function.

Well, yeah, if it's just caps, I'd agree, but I'm failing to describe what
I mean. :)

For the transition from setuid to fscaps, there will be a time where
distros may ship a program with both setuid-root and fscaps. (Some
stacked filesystems, for example, don't support fscaps.) In these
situations, it would be nice to have a single library-based routine that
all of these programs can call that will basically do the following:

- remember if I'm running setuid
- drop all but needed caps
- if I was setuid, drop uid back to real uid

That way the sensitive code isn't cut/pasted into lots of programs, just
they all call out to a single place, and everything gets it right,
regardless of them being setuid or fscap.

> I asked the maintainer if he's had any discussion [about upstreaming
> the tar xattr patches] lately.

Any news here?

> > Has there been any discussion of making rsync, cp, and cpio default to
> > copying xattrs and acls too? I know at least with rsync they are explicitly
> > not included in the "-a" option. :(
> 
> My rsync man page shows a -X option and cp has a --preserve=xattr. cpio doesn't but no 
> one seems to have been missing that.

Right, but I mean, it seems like it would be valuable to make these options
_part_ of -a when currently they are explicitly not included.

-Kees

-- 
Kees Cook
Ubuntu Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.