documentation:different_models:cap
documentation:different_models:cap [2006/05/02 13:40] – (old revision restored) 127.0.0.1
documentation:different_models:cap [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-===== Introduction ===== 
-This module can be used to 
-  * restrict rights of programs run by root 
-  * add root rights to normal users or programs run by them 
- 
-It is only the RSBAC module which directly interferes with existing Linux access control. 
- 
-__Warning__: The standard Linux ld.so dynamic linker does not know about min_cap settings, so it is possible to attack programs with min_caps settings with libraries in LD_PRELOAD! 
-You should make sure that such programs are always started from a controlled environment, e.g. a wrapper cleaning the environment before starting the program! 
- 
-===== How it works ===== 
- 
-On each setuid and execute, the CAP module first removes the capabilities not in the maximum set and then sets the given minimum caps. The values changed are the standard Linux capability values in the process task struct. This means that the RSBAC CAP module (like PAX and RES) is only an administration helper for existing Linux settings. 
-Shortly said: final set = (original & max_caps) | min_caps. 
- 
-All capability based desicions are done by original kernel code, which does not log anything. This is why you will never see a log message for missing capabilities, unless you enable specific CAP logging (from v1.2.4). Else, access will just be denied. 
- 
-In softmode, the CAP module only enforces the minimum, but not the maximum values - this is the closest to the softmode idea it can get. If you start a daemon with a reduced maximum capability set in softmode, you should make sure to restart it after switching to secure mode - otherwise it will have unwanted capabilities. 
- 
-If something works in softmode, but not in secure mode, you should always suspect missing CAP maximum values or turn on missing CAP logging. 
- 
-CAP is especially useful for administrators on the RSBAC system, who are not root, but need read access to all directories so that they can administrate there despite having insufficient Linux access modes. 
- 
-__Note__: If you only want to partially disable Linux access control for filesystem objects for all users, you might consider to use the generic RSBAC functionality provided for this purpose through the "Allow disabling of Linux filesystem access control" kernel configuration option. 
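Review bot: this revision deletes the whole page, including the `__Warning__` paragraph about LD_PRELOAD attacks on programs with min_caps settings and the softmode caveat about restarting daemons after switching to secure mode, and the edit summary "removed - external edit" gives neither a reason nor a pointer to where the text went. If the content moved, leave a redirect or link in its place; otherwise restore at least the warning and the rule "final set = (original & max_caps) | min_caps", since nothing else in the visible lines documents how CAP combines the two sets. If the text is restored, "desicions" in the paragraph on logging should read "decisions".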
  
documentation/different_models/cap.1146577225.txt.gz · Last modified: 2006/05/17 12:31 (external edit)
