tags : Linux Permissions, Linux Security Constraints

History and background

Traditionally, UNIX divides privilege into two classes:

  • Normal users
  • Superuser (UID 0), for whom the kernel skips all permission checks

Delegating privilege is usually done via the setuid and setgid bits on an executable. This is powerful but dangerous, because it is all-or-nothing: a setuid-root binary runs with every privilege the superuser has. If we want to give a program the ability to change the system time, we have to give it the ability to do everything else as well (load kernel modules, read any file, ptrace any process), and a single bug in that program turns into a full root compromise.

Capabilities try to solve this.

Intro

  • Divide the power of the superuser into small, independently grantable pieces (cap_sys_time, cap_net_bind_service, cap_net_raw, ...).
  • Thread capabilities are a per-thread attribute: each thread carries its own effective, permitted, inheritable, bounding and ambient sets, which the kernel checks instead of "is UID 0?".
  • File capabilities are a separate thing: they are stored in the security.capability extended attribute of the executable, not in the mode bits of the inode like setuid/setgid, and setting them requires cap_setfcap.
  • Attaching capabilities to an executable file lets the kernel compute the new thread's sets from the file's sets at execve, so the program gains only the named capabilities rather than all of root; see capabilities(7).

Inspecting

Capabilities for a process can be seen in /proc/PID/status. The five Cap* lines are the inheritable (CapInh), permitted (CapPrm), effective (CapEff), bounding (CapBnd) and ambient (CapAmb) sets, each printed as a 64-bit hex mask with one bit per capability. CapEff is the set the kernel actually checks when the process attempts a privileged operation; CapBnd is the ceiling on what the process (and anything it execs) can ever gain. The example below is PID 1, which holds the full set; on a kernel with 41 capabilities that full mask is 0x1ffffffffff:

λ cat /proc/1/status | grep Cap
# CapInh: 0000000000000000
# CapPrm: 000001ffffffffff
# CapEff: 000001ffffffffff
# CapBnd: 000001ffffffffff
# CapAmb: 0000000000000000
λ capsh --decode=000001ffffffffff
# 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
 
# other utils: setcap (set a file's capabilities), getcap (read a file's capabilities), getpcaps (decode the capability sets of a running PID)
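The capsh --decode call above needs libcap installed, which a minimal container or rescue environment often lacks. The following script is an added example and is not part of the original page or of libcap: it decodes the hex masks from /proc/PID/status in plain POSIX sh, using the kernel's capability numbering (cap_chown is bit 0, cap_checkpoint_restore is bit 40, the same order capsh prints). It assumes a shell with 64-bit arithmetic, which dash and bash on any 64-bit Linux provide.

```shell
#!/bin/sh
# Added example (not from the original page or from libcap): decode the
# Cap* hex masks in /proc/PID/status without capsh.
# Bit positions follow linux/capability.h: cap_chown = bit 0 ... cap_checkpoint_restore = bit 40.
# Assumption: the shell does 64-bit arithmetic (true for dash/bash on 64-bit Linux).

CAP_NAMES="cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid \
cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable \
cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw \
cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot \
cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice \
cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease \
cap_audit_write cap_audit_control cap_setfcap cap_mac_override \
cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read \
cap_perfmon cap_bpf cap_checkpoint_restore"

# cap_decode HEXMASK: print the names of the set bits, comma separated.
# Bits beyond the known list are reported as unknown_bit_N rather than
# silently dropped, so capabilities added by a newer kernel still show up.
cap_decode() {
  cd_mask=$(( 0x$1 ))
  cd_out=""
  cd_i=0
  for cd_name in $CAP_NAMES; do
    if [ $(( (cd_mask >> cd_i) & 1 )) -eq 1 ]; then
      cd_out="${cd_out}${cd_name},"
    fi
    cd_i=$(( cd_i + 1 ))
  done
  while [ "$cd_i" -lt 63 ]; do
    if [ $(( (cd_mask >> cd_i) & 1 )) -eq 1 ]; then
      cd_out="${cd_out}unknown_bit_${cd_i},"
    fi
    cd_i=$(( cd_i + 1 ))
  done
  printf '%s\n' "${cd_out%,}"
}

# cap_has HEXMASK NAME: exit 0 if NAME's bit is set in HEXMASK, 1 if it is
# clear, 2 if NAME is not a known capability.
cap_has() {
  ch_mask=$(( 0x$1 ))
  ch_i=0
  for ch_name in $CAP_NAMES; do
    if [ "$ch_name" = "$2" ]; then
      [ $(( (ch_mask >> ch_i) & 1 )) -eq 1 ] && return 0
      return 1
    fi
    ch_i=$(( ch_i + 1 ))
  done
  return 2
}

# cap_status [PID]: decode every Cap* line of a live process (default: self).
cap_status() {
  while read -r cs_key cs_val; do
    case $cs_key in
      CapInh:|CapPrm:|CapEff:|CapBnd:|CapAmb:)
        printf '%-8s %s\n' "$cs_key" "$(cap_decode "$cs_val")" ;;
    esac
  done < "/proc/${1:-self}/status"
}

# Usage: sh capdecode.sh PID   (e.g. sh capdecode.sh 1, or sh capdecode.sh $$)
if [ "$#" -gt 0 ]; then
  cap_status "$1"
fi
```

cap_has is the piece worth keeping around for audits: a loop over /proc/*/status that calls cap_has on each CapEff with cap_sys_admin or cap_sys_ptrace flags the processes that can escape a container or read other processes' memory, whether or not they run as UID 0. A mask such as 00000000a80425fb (the bounding set an unprivileged Docker container gets by default) decodes to fourteen capabilities and, as the check shows, cap_sys_admin is not among them.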

Resources