[ubuntu-hardened] File Posix Capabilities in Jaunty

Michal Zimen michal.zimen at gmail.com
Mon Mar 16 09:06:35 GMT 2009

On Fri, 2009-03-13 at 10:00 -0700, Kees Cook wrote:
> Hi Michal,
> On Fri, Mar 13, 2009 at 08:41:53AM +0100, Michal Zimen wrote:
> > I mean capabilities described for example in this article:
> >                    http://www.friedhoff.org/posixfilecaps.html
> > 
> > 
> > It would be better to have system without SUID executable files. Afterall,
> > it is not so complicated:)
> As far as I know, this is all implemented and working.  The only confusing
> thing is the libcap-bin is outdated, and libcap2-bin is the bit that
> provides pam_cap.so.

Right, there is that file, but I think it is used nowhere.

However, there is still missing file /etc/security/capability.conf,
where we would be able to assign inheritable capabilities to

And then, there is no entry as for example 
   "auth        required    pam_cap.so"
in /etc/pam.d/* files.


> -Kees

More information about the ubuntu-hardened mailing list