To grant capabilities to an executable, a small wrapper file is created
that includes the path to an executable followed by a capability set
written in hexadecimal. When this file is executed by the kernel, the
executable is granted the specified capabilities. The wrapper file must
be owned by root and have the SUID bit set.
For example, to remove the SUID bit on the ping program while retaining
its functionality:
# chmod -s /bin/ping
# mv /bin/ping /bin/ping_real
# echo '&/bin/ping_real 2000' > /bin/ping
# chmod +xs /bin/ping
Comments welcome.
Neil
¹ http://arctrix.com/nas/linux/capwrap.tar.gz
² http://atrey.karlin.mff.cuni.cz/~pavel/elfcap.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
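To see what a wrapper line such as the one above actually grants, here is an added example (my own, not code from the capwrap package) that parses the `&<path> <hexcaps>` line, maps the hex bit set to capability names from <linux/capability.h>, and checks the root-ownership and SUID-marker requirement the post states. Details beyond the post (one whitespace-separated line, absolute target path, regular file only) are assumptions.

```python
import os
import stat

# Capability bit numbers from <linux/capability.h>.  0x2000 = 1 << 13 =
# CAP_NET_RAW, which is what ping needs to open a raw ICMP socket.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT", 23: "CAP_SYS_NICE", 24: "CAP_SYS_RESOURCE",
    25: "CAP_SYS_TIME", 26: "CAP_SYS_TTY_CONFIG",
}

def parse_capwrap(text):
    """Parse one wrapper line '&<path> <hexcaps>' into (path, capset int)."""
    line = text.strip()
    if not line.startswith("&"):
        raise ValueError("not a capwrap wrapper: missing leading '&'")
    fields = line[1:].split()
    if len(fields) != 2:
        raise ValueError("expected '&<path> <hexcaps>'")
    path, hexcaps = fields
    if not path.startswith("/"):  # assumption: only absolute targets
        raise ValueError("target path must be absolute")
    return path, int(hexcaps, 16)

def cap_names(capset):
    """Expand a capability bit set into capability names, lowest bit first."""
    names = []
    bit = 0
    while capset >> bit:
        if (capset >> bit) & 1:
            names.append(CAP_NAMES.get(bit, "CAP_%d" % bit))
        bit += 1
    return names

def wrapper_mode_ok(st_uid, st_mode):
    """The post's requirement: owned by root with the SUID marker set.
    Requiring a regular file (no symlinks) is an added assumption."""
    return st_uid == 0 and bool(st_mode & stat.S_ISUID) and stat.S_ISREG(st_mode)

def audit_wrapper(path):
    """Report a wrapper on disk: target, granted caps, marker requirement."""
    st = os.lstat(path)
    with open(path) as f:
        target, capset = parse_capwrap(f.readline())
    return {"target": target, "caps": cap_names(capset),
            "marker_ok": wrapper_mode_ok(st.st_uid, st.st_mode)}

if __name__ == "__main__":
    # Constructed sample: the wrapper line from the post.
    target, capset = parse_capwrap("&/bin/ping_real 2000\n")
    print(target, "->", ", ".join(cap_names(capset)))  # /bin/ping_real -> CAP_NET_RAW
```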
Nothing is running with root privileges (unless root is executing it).
The SUID bit on the wrapper is just a marker and does not change the
effective uid of the process. Also, AFAIK, you can't pass capabilities
from one program to another using exec(). I don't completely
understand this stuff yet but fs/exec.c has these lines in the
prepare_binprm() function:
cap_clear(bprm->cap_inheritable);
cap_clear(bprm->cap_permitted);
cap_clear(bprm->cap_effective);
Capabilities are only raised if bprm->e_uid == 0. So, unless I'm
misunderstanding the code, you can't do the same thing with a SUID wrapper.
Thanks for your comments.
Neil
Why not just do this with a small program if you're doing setuid
anyway?
-hpa
--
<h...@transmeta.com> at work, <h...@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt <am...@zytor.com>