[ubuntu-hardened] File Posix Capabilities in Jaunty
Michal Zimen
michal.zimen at gmail.com
Mon Mar 16 09:06:35 GMT 2009
On Fri, 2009-03-13 at 10:00 -0700, Kees Cook wrote:
> Hi Michal,
>
> On Fri, Mar 13, 2009 at 08:41:53AM +0100, Michal Zimen wrote:
> > I mean capabilities described for example in this article:
> > http://www.friedhoff.org/posixfilecaps.html
> >
> >
> > It would be better to have a system without SUID executable files. After all,
> > it is not so complicated :)
>
> As far as I know, this is all implemented and working. The only confusing
> thing is that libcap-bin is outdated, and libcap2-bin is the bit that
> provides pam_cap.so.
Right, there is that file, but I think it is used nowhere.
However, the file /etc/security/capability.conf is still missing,
where we would be able to assign inheritable capabilities to
users/groups.
And then, there is no entry such as, for example,
"auth required pam_cap.so"
in the /etc/pam.d/* files.
Michal
> -Kees
>
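
A check for the two pieces named in the message above, /etc/security/capability.conf and an active pam_cap.so line under /etc/pam.d/, as an added example that is not part of the original post or of Ubuntu's packaging. The function names, the optional ROOT argument and the sample tree (including the file name "login" and the policy lines) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether pam_cap is wired in under ROOT (default: /).
# ROOT and all function names are assumptions made for this sketch.

# Print active (non-comment) PAM lines that load pam_cap.so.
pam_cap_refs() {
    grep -HE '^[[:space:]]*[^#[:space:]].*pam_cap\.so' \
        "${1:-}"/etc/pam.d/* 2>/dev/null || true
}

# Report both pieces named in the message; return 1 if either is absent.
check_pam_cap() {
    root=${1:-}
    status=0
    conf="$root/etc/security/capability.conf"
    if [ -f "$conf" ]; then
        echo "OK: $conf exists"
    else
        echo "MISSING: $conf"
        status=1
    fi
    refs=$(pam_cap_refs "$root")
    if [ -n "$refs" ]; then
        echo "OK: pam_cap.so is loaded by:"
        echo "$refs"
    else
        echo "MISSING: no active pam_cap.so line in $root/etc/pam.d/*"
        status=1
    fi
    return "$status"
}

# Build a constructed tree with both pieces in place and print its path.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/security" "$d/etc/pam.d"
    # Constructed policy: user "michal" gets inheritable cap_net_raw,
    # every other user gets no inheritable capabilities.
    printf 'cap_net_raw michal\nnone *\n' > "$d/etc/security/capability.conf"
    printf '# constructed PAM file\nauth required pam_cap.so\n' \
        > "$d/etc/pam.d/login"
    echo "$d"
}

# Run against the live system with: check_pam_cap
```

A commented-out `pam_cap.so` line is treated as absent, so the check reports the module as unused even when the entry is present but disabled.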