[ubuntu-hardened] Removing suid root from binaries where it isn't needed
Chad Sellers
csellers at tresys.com
Wed Oct 31 13:52:12 GMT 2007
On 10/30/07 11:23 PM, "Kees Cook" <kees at ubuntu.com> wrote:
> On Tue, Oct 30, 2007 at 10:46:12PM -0400, Chad Sellers wrote:
>> xattrs are present in ext2 (and many other filesystems) as well if you're
>> mechanisms are enough to prevent unauthorized access to my filesystem. If
>> it's not for you (because of kernel exploit, physical access, or other
>> reasons), then you should probably not put said data on the filesystem in
>> the first place.
>
> Being able to have a package define its needed capabilities agnostic of
> available MAC systems seems like a win to me. On the other hand,
> systems with a full policy/profile will find the protections redundant.
>
> I think the fscap stuff would be a good thing to get into Hardy+1. We
> can test it and start the discussion with Debian about it now, though.
>
That sounds like a good plan. Extra thought and testing will be good, as
this is an area where you have to tread very carefully. You have to account
for non-xattr filesystems, people who compile their own kernel (possibly
without fscaps), and many associated corner cases. We actually talked about
doing something similar with SELinux (authoritative caps [1]), but decided
against it due to these problems.
Chad
[1] http://marc.info/?l=selinux&m=118159187318524&w=2
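The conversion Kees and Chad are weighing (a package declaring the capabilities a binary needs instead of shipping it setuid root, with the caveat that the filesystem or a self-built kernel may not honour fscaps) can be checked from a shell. The script below is an added example, not code from this thread or from Ubuntu/Debian. It assumes the libcap setcap/getcap tools are installed and that CAP_SETFCAP (in practice root) is available for the conversion step; the capability string cap_net_raw=ep is a hypothetical choice for something like ping. The point it demonstrates is the safe ordering: the setuid bit is cleared only after setcap succeeds and the capability reads back, so a binary is never left with neither.

```shell
#!/bin/sh
# Added example (not from the thread): move a binary from setuid root to a
# file capability, refusing to drop the suid bit unless fscaps actually took.
# find_suid and the dry checks work unprivileged; the conversion needs root.

# Print every regular file under $1 with the setuid bit (mode 04000) set,
# staying on one filesystem so a bind-mounted /proc or NFS tree is not walked.
find_suid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null
}

# suid_to_caps BIN CAPS
# CAPS is a cap_from_text(3) string, e.g. "cap_net_raw=ep" (assumption: the
# caller has already worked out which capabilities BIN really needs).
# Returns 0 only if the capability was written and reads back; the suid bit
# is cleared only in that case. Any other outcome leaves BIN unchanged.
suid_to_caps() {
    bin=$1
    capstr=$2
    capname=${capstr%%[=+]*}   # "cap_net_raw=ep" -> "cap_net_raw"

    if ! command -v setcap >/dev/null 2>&1 || ! command -v getcap >/dev/null 2>&1; then
        echo "setcap/getcap not installed; leaving suid bit on $bin" >&2
        return 1
    fi

    # setcap fails on filesystems without security.* xattrs (vfat, some NFS
    # setups) and on kernels built without file capabilities. Do not touch
    # the mode bits unless it succeeded.
    if ! setcap "$capstr" "$bin" 2>/dev/null; then
        echo "setcap failed on $bin (no xattr/fscap support or no privilege); suid bit left in place" >&2
        return 1
    fi

    # Read the capability back: getcap output differs between libcap versions
    # ("$bin = cap_net_raw+ep" vs "$bin cap_net_raw=ep"), so match the name only.
    case "$(getcap "$bin" 2>/dev/null)" in
        *"$capname"*) ;;
        *)
            echo "capability did not read back on $bin; suid bit left in place" >&2
            return 1
            ;;
    esac

    chmod u-s "$bin"
    echo "$bin: setuid bit removed, now carries $capstr"
}

# Usage when executed directly (sourcing the file just defines the functions):
#   sh suid_to_caps.sh scan /usr            # list setuid binaries
#   sh suid_to_caps.sh convert /bin/ping cap_net_raw=ep
case "${1:-}" in
    scan)    find_suid "${2:-/usr}" ;;
    convert) suid_to_caps "$2" "$3" ;;
esac
```

The scan step is what a hardening pass starts from; the convert step encodes the caveat from the message above: if setcap fails for any reason, the binary keeps its setuid bit rather than silently becoming a non-functional tool, which is the failure mode a package that dropped suid unconditionally would hit on an xattr-less filesystem.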