Radical idea? Remove all automatic privilege escalation based on executable file attributes! - Kernel



  1. Radical idea? Remove all automatic privilege escalation based on executable file attributes!


    That is, remove

    - setuid/setgid feature from Linux

    - cancel the capability attributes in files (or only allow
    downgrading of capabilities)

    (e.g. mount everything as nosuid or something, but eventually, the
    code could be removed from the kernel)

    The only way to escalate privileges would be to request starting of
    the executable by some daemon (like upstart), which would grant or
    deny the request based totally on some user space policies.

    If granted,

    - would fork
    - child would setup the specified credentials to self
    - execve (or equivalent)

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/
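The broker sketched in the post (request, policy decision, fork, set credentials, exec) as an added illustration; this is not code from the poster or from any existing daemon. The policy table, the uid 1000, and the /bin/true entry are constructed for the example; a real broker would load its policy from configuration and would itself have to run with root or the setuid/setgid capabilities, which is exactly why its own correctness matters. The child verifies every id after the switch, because a silently failed setuid would otherwise exec the program with the broker's own privileges.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* A policy rule: which requesting uid may ask for which program,
 * and the credentials the child is given when the request is granted. */
struct rule {
    uid_t requester;
    const char *program;
    uid_t run_uid;
    gid_t run_gid;
};

/* Constructed sample policy (hypothetical; a real broker would load it
 * from configuration). Only uid 1000 may request /bin/true as root here. */
static const struct rule policy[] = {
    { 1000, "/bin/true", 0, 0 },
};

/* Return the rule matching (requester, program), or NULL to deny.
 * Exact path comparison: the broker, not the client, decides what runs. */
const struct rule *lookup_rule(uid_t requester, const char *program)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (policy[i].requester == requester &&
            strcmp(policy[i].program, program) == 0)
            return &policy[i];
    }
    return NULL;
}

/* Child side: set the granted credentials in the safe order
 * (supplementary groups, then gid, then uid) and verify each one took. */
int apply_credentials(const struct rule *r)
{
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(r->run_gid) != 0) return -1;
    if (setuid(r->run_uid) != 0) return -1;
    /* Check real and effective ids: never exec with the broker's own
     * privileges because a switch silently failed. */
    if (getuid() != r->run_uid || geteuid() != r->run_uid ||
        getgid() != r->run_gid || getegid() != r->run_gid)
        return -1;
    return 0;
}

/* Broker side: consult policy, then fork, switch credentials and exec.
 * Returns the child's exit status; -1 with errno set when the request
 * is denied (EACCES) or fork/waitpid fails. */
int request(uid_t requester, const char *program, char *const argv[])
{
    const struct rule *r = lookup_rule(requester, program);
    if (r == NULL) {
        errno = EACCES;
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (apply_credentials(r) != 0) _exit(126);  /* refuse, never exec */
        execv(r->program, argv);
        _exit(127);                                  /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "true", NULL };
    /* Succeeds only when the broker itself runs as root. */
    int rc = request(1000, "/bin/true", argv);
    printf("request by uid 1000 for /bin/true -> %d\n", rc);
    return 0;
}
```

Run as root, the granted request exits 0; run unprivileged, the child fails in apply_credentials and exits 126 rather than executing the program with whatever credentials the broker happens to have. A denied request never forks at all.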

  2. Re: Radical idea? Remove all automatic privilege escalation based on executable file attributes!

    Hi,

    Markku Savela writes:

    > That is, remove
    >
    > - setuid/setgid feature from Linux
    >
    > - cancel the capability attributes in files (or only allow
    > downgrading of capabilities)
    >
    > (e.g. mount everything as nosuid or something, but eventually, the
    > code could be removed from the kernel)
    >
    > The only way to escalate privileges would be to request starting of
    > the executable by some daemon (like upstart), which would grant or
    > deny the request based totally on some user space policies.


    Let's just hope then that this central facility is not buggy itself,
    because if that were the only way to acquire privileges as a
    non-privileged user, it is likely that every machine runs it.

    As opposed to a bug in one setuid program that not everyone is even
    guaranteed to have installed.

    Hannes
