[ubuntu-hardened] File Posix Capabilities in Jaunty

Kees Cook kees at ubuntu.com
Mon Mar 16 19:34:22 GMT 2009


On Mon, Mar 16, 2009 at 09:06:35AM +0000, Michal Zimen wrote:
> On Fri, 2009-03-13 at 10:00 -0700, Kees Cook wrote:
> > As far as I know, this is all implemented and working.  The only confusing
> > thing is that libcap-bin is outdated, and libcap2-bin is the bit that
> > provides pam_cap.so.
> Right, there is that file, but I think it is used nowhere.
> However, the file /etc/security/capability.conf is still missing,
> where we would be able to assign inheritable capabilities to
> users/groups.
> And then, there is no entry such as, for example,
>    "auth        required    pam_cap.so"
> in /etc/pam.d/* files.

Sure, those are local configuration changes you'd need to make to enable it
for your system.


Kees Cook
Ubuntu Security Team
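
A way to check whether those two local changes are in place, as an added example that is not part of the original message or of any Ubuntu package. The function names and the optional root-prefix argument are assumptions, as is the rule layout read from capability.conf (a capability list followed by one or more user names).

```shell
#!/bin/sh
# Added example: audit whether pam_cap.so is wired up on a system.
# Each function takes an optional root prefix (hypothetical parameter) so
# the check can be pointed at a mounted image or a test tree instead of /.

# Print the name of every PAM service file under etc/pam.d that references
# pam_cap.so on a line that is not commented out.
pam_cap_services() {
    root=${1:-}
    for f in "$root"/etc/pam.d/*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*[^#[:space:]].*pam_cap\.so' "$f"; then
            basename "$f"
        fi
    done
}

# Print "user<TAB>capabilities" for every rule in capability.conf.
# Assumed layout: first field is the capability list, the rest are users.
# Returns 1 when the file does not exist.
capability_rules() {
    conf=${1:-}/etc/security/capability.conf
    [ -f "$conf" ] || return 1
    awk '!/^[ \t]*(#|$)/ { for (i = 2; i <= NF; i++) print $i "\t" $1 }' "$conf"
}

# Summarise the state in one word:
#   no-pam-entry        no service in etc/pam.d loads pam_cap.so
#   no-capability-conf  the module is loaded but the rules file is missing
#   enabled             both pieces are present
pam_cap_status() {
    root=${1:-}
    if [ -z "$(pam_cap_services "$root")" ]; then
        echo "no-pam-entry"
        return 1
    fi
    if ! capability_rules "$root" >/dev/null; then
        echo "no-capability-conf"
        return 2
    fi
    echo "enabled"
}
```

Source the file and call `pam_cap_status` with no argument to check the running system; `capability_rules` then lists which users are granted which inheritable capabilities.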
