[ubuntu-hardened] Removing suid root from binaries where it isn't needed
csellers at tresys.com
Wed Oct 31 13:52:12 GMT 2007
On 10/30/07 11:23 PM, "Kees Cook" <kees at ubuntu.com> wrote:
> On Tue, Oct 30, 2007 at 10:46:12PM -0400, Chad Sellers wrote:
>> xattrs are present in ext2 (and many other filesystems) as well if you're
>> paranoid about something like this. That said, this seems pretty limited in
>> usefulness. For me, SELinux and other complimentary standard Linux security
>> mechanisms are enough to prevent unauthorized access to my filesystem. If
>> it's not for you (because of kernel exploit, physical access, or other
>> reasons), then you should probably not put said data on the filesystem in
>> the first place.
> Being able to have a package define its needed capabilities agnostic of
> available MAC systems seems like a win to me. On the other hand,
> systems with a full policy/profile will find the protections redundant.
> I think the fscap stuff would be a good thing to get into Hardy+1. We
> can test it and start the discussion with Debian about it now, though.
That sounds like a good plan. Extra thought and testing will be good, as
this is an area where you have to tread very carefully. You have to account
for non-xattr filesystems, people who compile their own kernel (possibly
without fscaps), and many associated corner cases. We actually talked about
doing something similar with SELinux (authoritative caps), but decided
against it due to these problems.
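An added example, not code from this thread or from Ubuntu/Debian: the audit a packager would run before dropping a setuid bit in favour of fscaps. It decodes the security.capability xattr (struct vfs_cap_data from linux/capability.h, revisions 1 to 3) and distinguishes the cases the reply above warns about: a binary that is setuid root and has no file caps yet, one that has both (a self-built kernel without fscaps still runs it as root), one already converted, and one on a filesystem that cannot hold xattrs at all, where conversion is impossible. Only the xattr layout and name are taken from the kernel; every function name and label below is this example's own, and the inputs used to exercise it are constructed.

```python
"""Audit executables for setuid root vs. file capabilities (security.capability xattr).
Added example for this thread, not Ubuntu or Debian code.  It assumes the Linux
struct vfs_cap_data layout from linux/capability.h (revisions 1-3); every other
name here is this example's own."""
import errno
import os
import stat
import struct

# Bit numbers from linux/capability.h (subset; unknown bits are shown as cap_N).
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
             3: "cap_fowner", 4: "cap_fsetid", 5: "cap_kill", 6: "cap_setgid",
             7: "cap_setuid", 8: "cap_setpcap", 10: "cap_net_bind_service",
             12: "cap_net_admin", 13: "cap_net_raw", 14: "cap_ipc_lock",
             18: "cap_sys_chroot", 19: "cap_sys_ptrace", 21: "cap_sys_admin",
             23: "cap_sys_nice", 27: "cap_mknod", 31: "cap_setfcap"}
CAP_BITS = {name: bit for bit, name in CAP_NAMES.items()}
VFS_CAP_REVISION_MASK = 0xFF000000   # top byte of magic_etc is the format revision
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001  # the "e" in setcap's "=ep"

def _names(words):
    """Little-endian 32-bit capability words -> set of capability names."""
    return {CAP_NAMES.get(wi * 32 + b, "cap_%d" % (wi * 32 + b))
            for wi, w in enumerate(words) for b in range(32) if w & (1 << b)}

def _words(names):
    w = [0, 0]
    for n in names:
        w[CAP_BITS[n] // 32] |= 1 << (CAP_BITS[n] % 32)
    return w

def encode_vfs_caps(permitted, inheritable=(), effective=True, revision=2, rootid=0):
    """Build the xattr value setcap writes; cap_net_raw=ep is ({"cap_net_raw"}, effective=True)."""
    p, i = _words(permitted), _words(inheritable)
    if revision not in (1, 2, 3) or (revision == 1 and (p[1] or i[1])):
        raise ValueError("unsupported revision, or capability >31 in revision 1")
    out = struct.pack("<I", (revision << 24) | (VFS_CAP_FLAGS_EFFECTIVE if effective else 0))
    for k in range(1 if revision == 1 else 2):
        out += struct.pack("<II", p[k], i[k])
    return out + (struct.pack("<I", rootid) if revision == 3 else b"")  # v3: user-ns root id

def decode_vfs_caps(raw):
    """Parse struct vfs_cap_data / vfs_ns_cap_data; rejects unknown or truncated data."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    magic = struct.unpack_from("<I", raw, 0)[0]
    revision = (magic & VFS_CAP_REVISION_MASK) >> 24
    if revision not in (1, 2, 3):
        raise ValueError("unknown vfs_cap_data revision %d" % revision)
    nwords = 1 if revision == 1 else 2
    if len(raw) < 4 + 8 * nwords + (4 if revision == 3 else 0):
        raise ValueError("xattr truncated")
    pairs = [struct.unpack_from("<II", raw, 4 + 8 * k) for k in range(nwords)]
    rootid = struct.unpack_from("<I", raw, 4 + 8 * nwords)[0] if revision == 3 else 0
    return {"revision": revision, "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names([p for p, _ in pairs]),
            "inheritable": _names([i for _, i in pairs]), "rootid": rootid}

def classify(mode, uid, caps_xattr, xattr_supported):
    """setuid-root: convert; setuid-root+fscaps: both set, a kernel without fscaps
    still runs it as root; fscaps: done; setuid-root,no-xattr: cannot convert on
    this filesystem; plain: nothing to do."""
    suid_root = bool(mode & stat.S_ISUID) and uid == 0
    if not xattr_supported:
        return "setuid-root,no-xattr" if suid_root else "plain"
    has_caps = caps_xattr is not None and bool(decode_vfs_caps(caps_xattr)["permitted"])
    if suid_root:
        return "setuid-root+fscaps" if has_caps else "setuid-root"
    return "fscaps" if has_caps else "plain"

def read_caps_xattr(path):
    """(xattr bytes or None, does this filesystem support xattrs at all)."""
    try:
        return os.getxattr(path, "security.capability", follow_symlinks=False), True
    except OSError as e:
        if e.errno == errno.ENODATA:   # xattrs work, none set on this file
            return None, True
        if e.errno == errno.ENOTSUP:   # e.g. vfat, or a filesystem mounted without xattr support
            return None, False
        raise

def audit(directory):
    """(path, label, permitted caps) for every non-plain executable directly in directory."""
    out = []
    for entry in os.scandir(directory):
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            raw, supported = read_caps_xattr(entry.path)
            label = classify(st.st_mode, st.st_uid, raw, supported)
            if label != "plain":
                out.append((entry.path, label, sorted(decode_vfs_caps(raw)["permitted"]) if raw else []))
    return out

if __name__ == "__main__":
    for path, label, caps in audit("/usr/bin"):
        print(path, label, ",".join(caps))
```

Running audit() against /usr/bin on a real system needs nothing more than read access: getxattr on security.capability is unprivileged, and ENOTSUP rather than ENODATA is the signal that the filesystem itself, not the file, is the problem. encode_vfs_caps is included so the exact bytes setcap would write can be compared with what decode_vfs_caps reads back; note that decode_vfs_caps only tells you what the filesystem holds, not whether the running kernel honours it, which is the separate self-built-kernel case the reply raises.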