Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ANN: capwrap - grant capabilities to executables

4 views
Skip to first unread message

Neil Schemenauer

unread,
Mar 17, 2002, 3:11:18 PM3/17/02
to
I've written a small module¹ that enables the use of Linux capabilities
on filesystems that do not support them. It is similar in spirit to ELF
capabilities hack² but is not specific to the ELF executable format and
is implemented as separate kernel module.

To grant capabilities to an executable, a small wrapper file is created
that includes the path to an executable followed a capability set
written in hexadecimal. When this file is executed by the kernel, the
executable is granted the specified capabilities. The wrapper file must
be owned by root and have the SUID bit set.

For example, to remove the SUID bit on the ping program while retaining
its functionality:

# chmod -s /bin/ping
# mv /bin/ping /bin/ping_real
# echo '&/bin/ping_real 2000' > /bin/ping
# chmod +xs /bin/ping

Comments welcome.

Neil


¹ http://arctrix.com/nas/linux/capwrap.tar.gz
² http://atrey.karlin.mff.cuni.cz/~pavel/elfcap.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Neil Schemenauer

unread,
Mar 17, 2002, 5:45:32 PM3/17/02
to
H. Peter Anvin wrote:
> Why not just do this with a small program if you're doing setuid
> anyway?

Nothing is running with root privileges (unless root is executing it).
The SUID bit on the wrapper is just a marker and does not change the
effective uid of the process. Also, AFAIK, you can't pass capabilities
from one program to another using exec(). I don't completely
understand this stuff yet but fs/exec.c has these lines in the
prepare_binprm() function:

cap_clear(bprm->cap_inheritable);
cap_clear(bprm->cap_permitted);
cap_clear(bprm->cap_effective);

Capabilities are only raised if bprm->e_uid == 0. So, unless I'm
misunderstand the code, you can't do the same thing with a SUID wrapper.

Thanks for you're comments.

Neil

H. Peter Anvin

unread,
Mar 17, 2002, 5:25:12 PM3/17/02
to
Followup to: <2002031712...@glacier.arctrix.com>
By author: Neil Schemenauer <n...@python.ca>
In newsgroup: linux.dev.kernel

>
> I've written a small module¹ that enables the use of Linux capabilities
> on filesystems that do not support them. It is similar in spirit to ELF
> capabilities hack² but is not specific to the ELF executable format and
> is implemented as separate kernel module.
>
> To grant capabilities to an executable, a small wrapper file is created
> that includes the path to an executable followed a capability set
> written in hexadecimal. When this file is executed by the kernel, the
> executable is granted the specified capabilities. The wrapper file must
> be owned by root and have the SUID bit set.
>
> For example, to remove the SUID bit on the ping program while retaining
> its functionality:
>
> # chmod -s /bin/ping
> # mv /bin/ping /bin/ping_real
> # echo '&/bin/ping_real 2000' > /bin/ping
> # chmod +xs /bin/ping
>

Why not just do this with a small program if you're doing setuid
anyway?

-hpa
--
<h...@transmeta.com> at work, <h...@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt <am...@zytor.com>

0 new messages