[ubuntu-hardened] File Posix Capabilities in Jaunty
Kees Cook
kees at ubuntu.com
Mon Mar 16 19:34:22 GMT 2009
Hi,
On Mon, Mar 16, 2009 at 09:06:35AM +0000, Michal Zimen wrote:
> On Fri, 2009-03-13 at 10:00 -0700, Kees Cook wrote:
> > As far as I know, this is all implemented and working. The only confusing
> > thing is that libcap-bin is outdated, and libcap2-bin is the bit that
> > provides pam_cap.so.
>
> Right, there is that file, but I think it is used nowhere.
>
> However, the file /etc/security/capability.conf is still missing,
> where we would be able to assign inheritable capabilities to
> users/groups.
>
> And then, there is no entry such as, for example,
> "auth required pam_cap.so"
> in /etc/pam.d/* files.
Sure, those are local configuration changes you'd need to make to enable it
for your system.
-Kees
--
Kees Cook
Ubuntu Security Team
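
Added example, not part of the original message or of libcap: a small Python check of the two local changes discussed above, run over constructed sample contents for /etc/security/capability.conf and a /etc/pam.d file. It assumes pam_cap's usual file format (a capability list, or `none`, followed by user names, with the first matching line applied); the user names and function names are hypothetical.

```python
# Constructed sample contents (not taken from the thread).
CAPABILITY_CONF = """\
# inheritable capabilities, then the users they apply to
cap_net_raw,cap_net_admin   alice
cap_net_raw                 alice bob
none                        *
"""
PAM_FILE = """\
auth    required    pam_cap.so
auth    required    pam_unix.so
"""


def inheritable_caps(conf_text, user):
    """Return the inheritable capability set the first matching line grants.

    Returns an empty set for `none`, or None when no line names the user,
    which means the file makes no statement about that account.
    """
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: capabilities without any user
        caps, users = fields[0], fields[1:]
        if user in users or "*" in users:
            return set() if caps == "none" else set(caps.split(","))
    return None


def pam_cap_enabled(pam_text):
    """True if an active `auth` line in the PAM file loads pam_cap.so."""
    for raw in pam_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # The control field may be bracketed and contain spaces, so look
        # for the module name in any field after the type.
        if fields[0].lstrip("-") == "auth" and any(
            f.split("/")[-1] == "pam_cap.so" for f in fields[1:]
        ):
            return True
    return False
```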