[rsbac] AUTH capabilities

Pallai Roland rsbac@rsbac.org
Tue Nov 12 22:01:15 2002


On Mon, 2002-11-11 at 11:53, Amon Ott wrote:
> On Sunday, 10. November 2002 18:14, Pallai Roland wrote:
> >  description of the AUTH capabilities said:
> >  " These are ranges of user IDs, which this program may use in a
> > CHANGE_OWNER (setuid) request. The capabilities are inherited to the
> > process running the program. "
> > 
> >  and why can't seteuid() requests be restricted? the cap_setuid
> > capability is in this way the same as cap_dac_override after
> > seteuid(0)..  I know a solution, but it is a big overhead to set and
> > force restricted roles against seteuid(0) for processes with cap_setuid
> > and restricted AUTH capabilities.. a much easier way would be to
> > restrict seteuid() like setuid(), and entrust all permission checking
> > to linux DAC..
> 
> The check in seteuid has been removed some versions ago, because seteuid has 
> no consequence for the RSBAC models. The cleanest way to check it would 
> probably be an extra request CHANGE_DAC_EFF_OWNER with additional AUTH cap 
> sets.

 I agree, it could help a lot when we need to restrict a setuid-capable
daemon which runs as a user..  may I hope that this feature will be
part of RSBAC in the near future?


 anyway, RSBAC is damn good stuff, congratulations, Amon! :)

--
 DaP
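
Added example (not part of the original message and not RSBAC code): a small C model of the decision logic discussed in this thread. It compares the behaviour described, where only CHANGE_OWNER is checked against the AUTH capability ranges, with the proposed extra CHANGE_DAC_EFF_OWNER request that has its own capability set. Only the two request names come from the thread; the struct layout, function names and the sample uid range are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Request names are taken from the thread; everything else is hypothetical. */
enum request { CHANGE_OWNER, CHANGE_DAC_EFF_OWNER };

struct uid_range { unsigned first, last; };        /* inclusive range of uids */

struct auth_caps {
    const struct uid_range *real; size_t n_real;   /* consulted for setuid()  */
    const struct uid_range *eff;  size_t n_eff;    /* proposed: for seteuid() */
    bool check_eff;      /* false = seteuid() unchecked, as the thread states */
};

static bool in_ranges(const struct uid_range *r, size_t n, unsigned uid)
{
    for (size_t i = 0; i < n; i++)
        if (uid >= r[i].first && uid <= r[i].last)
            return true;
    return false;
}

/* Returns true when the model grants the request for the target uid. */
bool auth_decide(const struct auth_caps *c, enum request req, unsigned uid)
{
    switch (req) {
    case CHANGE_OWNER:
        return in_ranges(c->real, c->n_real, uid);
    case CHANGE_DAC_EFF_OWNER:
        if (!c->check_eff)
            return true;              /* no AUTH check: left to Linux DAC */
        return in_ranges(c->eff, c->n_eff, uid);
    }
    return false;                     /* unknown request: deny */
}

/* Constructed sample: a daemon whose AUTH caps cover uids 1000-1999 only. */
static const struct uid_range daemon_ranges[] = { { 1000, 1999 } };
const struct auth_caps caps_as_described = { daemon_ranges, 1, daemon_ranges, 1, false };
const struct auth_caps caps_proposed     = { daemon_ranges, 1, daemon_ranges, 1, true };

int main(void)
{
    printf("setuid(0),  as described: %d\n", auth_decide(&caps_as_described, CHANGE_OWNER, 0));
    printf("seteuid(0), as described: %d\n", auth_decide(&caps_as_described, CHANGE_DAC_EFF_OWNER, 0));
    printf("seteuid(0), proposed:     %d\n", auth_decide(&caps_proposed, CHANGE_DAC_EFF_OWNER, 0));
    return 0;
}
```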