[PATCH] Non-root sshd and capabilities

Topi Miettinen (Topi.Miettinen@koti.tpo.fi)
Sun, 18 Mar 2001 20:12:51 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Linus Torvalds: "Re: changing mm->mmap_sem (was: Re: system call for process"
Previous message: Kai Germaschewski: "Re: [CHECKER] 28 potential interrupt errors"
Next in thread: Chris Evans: "Re: [PATCH] Non-root sshd and capabilities"
Reply: Chris Evans: "Re: [PATCH] Non-root sshd and capabilities"

This is a multipart MIME message.

--==_Exmh_-1020552840
Content-Type: text/plain; charset=us-ascii

(Please cc: me, I'm not subscribed.)

Using the magical prctl() call it's possible to run daemons as non-root
while still possessing some capabilities. For full support, patched kernel
with ext2 capabilities is required, but if the daemon doesn't exec()
anything (for example, by emulating exec() with mmap()), stock 2.4 is
enough.

This works well for programs like pppd, hwclock and XFree86. There is a
problem if the daemon uses setuid() and setgid() to change identity, like
sshd or cron. In function cap_emulate_setxuid() (in kernel/sys.c) the
capabilities are cleared when IDs are switched. However, the check misses
the case where old_*uid are already nonzero. This patch attempts to fix
the problem.

There are still problems with sequence
orig_euid = geteuid();
seteuid(65534);
/* work */
seteuid(orig_euid);

Any suggestions?

-Topi

--==_Exmh_-1020552840
Content-Type: text/plain ; name="cap_emulate_setxuid"; charset=us-ascii
Content-Description: cap_emulate_setxuid
Content-Disposition: attachment; filename="cap_emulate_setxuid"

diff -ru kernel/sys.c.orig kernel/sys.c
--- kernel/sys.c.orig Mon Oct 16 22:58:51 2000
+++ kernel/sys.c Mon Mar 12 23:40:26 2001
@@ -449,9 +449,13 @@
extern inline void cap_emulate_setxuid(int old_ruid, int old_euid,
int old_suid)
{
- if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
- (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
+ if ((!cap_isclear(current->cap_inheritable) ||
+ !cap_isclear(current->cap_permitted) ||
+ !cap_isclear(current->cap_effective)) &&
+ (current->uid != old_ruid && current->euid != old_euid &&
+ current->suid != old_suid) &&
!current->keep_capabilities) {
+ cap_clear(current->cap_inheritable);
cap_clear(current->cap_permitted);
cap_clear(current->cap_effective);
}

--==_Exmh_-1020552840--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: changing mm->mmap_sem (was: Re: system call for process"
Previous message: Kai Germaschewski: "Re: [CHECKER] 28 potential interrupt errors"
Next in thread: Chris Evans: "Re: [PATCH] Non-root sshd and capabilities"
Reply: Chris Evans: "Re: [PATCH] Non-root sshd and capabilities"