RSBAC Handbook
This module can be used to
It is the only RSBAC module which directly interferes with existing Linux access control.
Warning: The standard Linux ld.so dynamic linker does not know about min_cap settings, so programs with min_caps settings can be attacked through libraries injected via LD_PRELOAD! You should make sure that such programs are always started from a controlled environment, e.g. a wrapper that cleans the environment before starting the program!
On each setuid and execute, the CAP module first removes the capabilities not in the maximum set and then sets the given minimum caps. The values changed are the standard Linux capability values in the process task struct. This means that the RSBAC CAP module (like PAX and RES) is only an administration helper for existing Linux settings. In short: final set = (original & max_caps) | min_caps.
All capability based decisions are made by original kernel code, which does not log anything. This is why you will never see a log message for missing capabilities unless you enable specific CAP logging (from v1.2.4). Otherwise, access will just be denied.
In softmode, the CAP module only enforces the minimum, but not the maximum values - this is the closest to the softmode idea it can get. If you start a daemon with a reduced maximum capability set in softmode, you should make sure to restart it after switching to secure mode - otherwise it will have unwanted capabilities.
If something works in softmode, but not in secure mode, you should always suspect missing CAP maximum values or turn on missing CAP logging.
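The rule above and its softmode variant, as an added example in C (not RSBAC's own code): it models final = (original & max_caps) | min_caps, the softmode behaviour of enforcing only min_caps, and a check for the daemon case, where a process started in softmode keeps capabilities secure mode would have stripped. Capability sets are a simplified 64-bit mask and the "root has everything" set is constructed; the CAP_* bit numbers are the standard Linux values.

```c
/* Added example, not RSBAC's own code: models the CAP module rule
 * final = (original & max_caps) | min_caps and the softmode variant,
 * which enforces only the minimum set. Capability sets are a simplified
 * 64-bit mask; the CAP_* bit numbers are the standard Linux values. */
#include <stdint.h>
#include <stdio.h>

#define CAP_DAC_READ_SEARCH   2
#define CAP_NET_BIND_SERVICE 10
#define CAP_NET_RAW          13
#define CAP_SYS_ADMIN        21
#define CAP_BIT(n) ((uint64_t)1 << (n))
#define CAP_ALL ((uint64_t)0xFFFFFFFFFFULL) /* constructed "root has everything" set */

/* Secure mode: applied by the CAP module on every execve and setuid. */
uint64_t cap_apply_secure(uint64_t original, uint64_t max_caps, uint64_t min_caps)
{
    return (original & max_caps) | min_caps;
}

/* Softmode: the maximum set is not enforced, only min_caps is added. */
uint64_t cap_apply_softmode(uint64_t original, uint64_t min_caps)
{
    return original | min_caps;
}

/* Returns 1 if a process started in softmode keeps capabilities that secure
 * mode would have stripped, i.e. it must be restarted after switching modes. */
int cap_softmode_leaks(uint64_t original, uint64_t max_caps, uint64_t min_caps)
{
    uint64_t soft   = cap_apply_softmode(original, min_caps);
    uint64_t secure = cap_apply_secure(original, max_caps, min_caps);
    return (soft & ~secure) != 0;
}

int main(void)
{
    /* Case 1: root-started daemon limited to binding ports and raw sockets. */
    uint64_t max_d = CAP_BIT(CAP_NET_BIND_SERVICE) | CAP_BIT(CAP_NET_RAW);
    printf("daemon secure=%#llx softmode leak=%d\n",
           (unsigned long long)cap_apply_secure(CAP_ALL, max_d, 0),
           cap_softmode_leaks(CAP_ALL, max_d, 0));
    /* Case 2: non-root admin given read access to all directories via min_caps. */
    printf("admin secure=%#llx\n",
           (unsigned long long)cap_apply_secure(0, CAP_ALL, CAP_BIT(CAP_DAC_READ_SEARCH)));
    return 0;
}
```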
CAP is especially useful for administrators on the RSBAC system who are not root but need read access to all directories, so that they can administer them despite lacking the necessary Linux access modes.
Note: If you only want to partially disable Linux access control for filesystem objects for all users, you might consider using the generic RSBAC functionality provided for this purpose through the “Allow disabling of Linux filesystem access control” kernel configuration option.