[Bug 2600] New: Use Linux capabilities to revoke additional permissions from chrooted users
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Jul 21 00:16:32 AEST 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2600
Bug ID: 2600
Summary: Use Linux capabilities to revoke additional
permissions from chrooted users
Product: Portable OpenSSH
Version: 7.2p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2857
--> https://bugzilla.mindrot.org/attachment.cgi?id=2857&action=edit
Configure integration of libcap-ng and its usage related to chroot
This report is closely related to the bug #2482, reported some time ago
and it is attempting to resolve old chicken-egg problem with chroot (in
combination with SELinux), but it can make sense also to the normal
Linux to drop additional privileges earlier (or in the other parts of
code).
With SELinux, we can avoid giving out setuid, setgit capabilities to
the very limited SELinux users which is very desirable (we can't switch
SELinux context in chroot, so we had to have these permissions to drop
uid and gid).
The new behavior drops all capabilities (except SYS_CHROOT) before
chroot and the SYS_CHROOT capability just after it. Even if the first
attempt fails (prevented by SELinux), the privileges are dropped as
before using permanently_set_uid().
This patch is implemented using libcap-ng [1] library, which is making
the use of the Linux capabilities much easier than the native inteface
(the patch can build with or without it).
[1] https://people.redhat.com/sgrubb/libcap-ng/
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list