FilesystemCapabilties
Differences between revisions 3 and 7 (spanning 4 versions)
Line 3: | Line 3: |
* "cp -a" works * "rsync -AXa" works |
== Open Questions == * Filesystems without xattr support (NFS, squashfs, etc). Possible solutions: * VFS 'xattr_backing_file' mount option * union mount with xattr-capable ext3 over xattr-challenged NFS * stackable FS * Wait for fs's to support xattrs :) * Determine possible caps needed for programs. Perhaps: * walk compiled assembly, listing caps * definately needed (i.e. cap_sys_admin for mount) * possibly needed (i.e. cap_dac_override) * audit? * kprobe * library to wrap syscalls to enable caps * tries syscall(SYS_xyz), if fail with -EPERM/EACCESS, then * oldcaps = enable_eff_cap_by_syscall(SYS_xyz) * looks through library of (syscall->caps_list) pairs * copies any x in caps_list which is in pP to pE * retries SYS_xyz * resets oldcaps == Blockers == * "rsync -AXa" works, but "AX" should be part of "a" |
Line 10: | Line 30: |
* NFS does not support xattr (patches for NFSv3 exist: http://marc.info/?l=linux-security-module&m=126804495005609&w=2) * libcap2's pam_cap is not designed for least-privilege, has unexpected parsing results |
* dpkg-deb does not know about xattrs. == Good == * "cp -a" works == Bad == * NFS does not support xattr == Ugly == * libcap2's pam_cap has unexpected parsing results (should allow multiple matches on user) == Fixed == * libcap2-bin does not install pam_cap.so into the common-auth stack automatically (LP: #534658). |
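Review bot: the new "Bad" entry for NFS drops the pointer to the NFSv3 xattr patches (http://marc.info/?l=linux-security-module&m=126804495005609&w=2) that the earlier revision carried; keep the link on the "NFS does not support xattr" item so the known workaround stays discoverable. The same applies to the pam_cap entry, which loses the "not designed for least-privilege" remark when it moves under "Ugly"; consider keeping both observations in the one bullet.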
Dumping ground for notes on supporting filesystem capabilities.
Open Questions
- Filesystems without xattr support (NFS, squashfs, etc.). Possible solutions:
  - VFS 'xattr_backing_file' mount option
  - union mount with xattr-capable ext3 over xattr-challenged NFS
  - stackable FS
  - Wait for filesystems to support xattrs
- Determine possible caps needed for programs. Perhaps:
  - walk compiled assembly, listing caps
    - definitely needed (e.g. cap_sys_admin for mount)
    - possibly needed (e.g. cap_dac_override)
  - audit?
  - kprobe
  - library to wrap syscalls to enable caps
    - tries syscall(SYS_xyz), if it fails with -EPERM/EACCES, then
      - oldcaps = enable_eff_cap_by_syscall(SYS_xyz)
        - looks through library of (syscall->caps_list) pairs
        - copies any x in caps_list which is in pP to pE
      - retries SYS_xyz
      - resets oldcaps
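
A sketch of the syscall-wrapping library idea above, added here as an example and not code from this page or from libcap. The table entries and the names `caps_to_raise` and `capwrap_syscall` are assumptions; it uses the raw capget/capset syscalls so it builds without libcap.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

#define CAP_BIT(c) (1ULL << (c))
/* Hypothetical (syscall -> caps_list) library; entries are illustrative. */
static const struct { long nr; uint64_t caps; } sc_table[] = {
    { SYS_mount,    CAP_BIT(CAP_SYS_ADMIN) },
    { SYS_fchownat, CAP_BIT(CAP_CHOWN) },
    { SYS_openat,   CAP_BIT(CAP_DAC_OVERRIDE) | CAP_BIT(CAP_DAC_READ_SEARCH) },
};

/* Caps to copy into pE: listed for this syscall, present in pP, not yet in pE. */
uint64_t caps_to_raise(long nr, uint64_t pP, uint64_t pE) {
    for (size_t i = 0; i < sizeof sc_table / sizeof sc_table[0]; i++)
        if (sc_table[i].nr == nr)
            return sc_table[i].caps & pP & ~pE;
    return 0;
}

static int capcall(long op, struct __user_cap_data_struct d[2]) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(op, &h, d);   /* pid 0 = calling thread */
}

/* Try the call; on EPERM/EACCES raise only the mapped caps, retry, restore. */
long capwrap_syscall(long nr, long a, long b, long c, long d, long e) {
    long ret = syscall(nr, a, b, c, d, e);
    if (ret != -1 || (errno != EPERM && errno != EACCES))
        return ret;
    int err = errno;
    struct __user_cap_data_struct old[2], up[2];
    if (capcall(SYS_capget, old) == 0) {
        uint64_t pP = old[0].permitted | ((uint64_t)old[1].permitted << 32);
        uint64_t pE = old[0].effective | ((uint64_t)old[1].effective << 32);
        uint64_t add = caps_to_raise(nr, pP, pE);
        up[0] = old[0]; up[1] = old[1];
        up[0].effective |= (uint32_t)add;
        up[1].effective |= (uint32_t)(add >> 32);
        if (add && capcall(SYS_capset, up) == 0) {
            ret = syscall(nr, a, b, c, d, e);
            err = errno;
            capcall(SYS_capset, old);     /* reset oldcaps */
        }
    }
    errno = err;
    return ret;
}
```

capset changes only the calling thread's sets, so the raised capability is effective just for the retried call on that thread.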
Blockers
- "rsync -AXa" works, but "AX" should be part of "a"
- cpio fails
- tar fails
- dpkg-deb does not know about xattrs.
Good
- "cp -a" works
Bad
- NFS does not support xattr
Ugly
- libcap2's pam_cap has unexpected parsing results (should allow multiple matches on user)
Fixed
- libcap2-bin does not install pam_cap.so into the common-auth stack automatically (LP: #534658).
Security/FilesystemCapabilties (last edited 2014-12-19 01:09:24 by kees)