Lower Process Capabilities
Sommario
This feature will lower the capabilities of all root daemons and many setuid apps. File and directory permissions may be reworked to require DAC_OVERRIDE for any system update.
Progettista
- Nome: Steve Grubb
- Email: sgrubb@redhat.com
Stato attuale
- Rilascio: Fedora 12
- Per informazioni aggiornate sullo stato di LowerProcessCapabilities consultare la pagina originale.
Detailed Description
When someone attacks a system, they normally can't do much unless they can escalate privileges. What this feature will do is reduce the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system.
But if some does successfully attack a root process, can steps be taken to render it hard to take advantage of? The answer is yes. Processes with the root uid can still damage a system. This is because they can write to nearly any file and of course read the /etc/shadow file. But if we harden the system so that root requires the DAC_OVERRIDE capability, then only a limited number of processes can damage the system. This won't affect any admin abilities because they always get full privileges which includes DAC_OVERRIDE.
A hardened system would have permissions like: 555 /bin, 555 /lib, 000 /etc/shadow and so on. The current scope is to cover the directories in $PATH variable, library dirs, /boot, and /root. This scheme does not affect selinux in any way and complements it since capabilities are DAC controls and they have first vote on allowing an access.
Benefit to Fedora
The benefit is that Fedora is more secure.
Altre informazioni
Per:
- Obbiettivi
- Test Plan
- Esperienza Utente
- Dipendenze
- Progetto corrente
- Documentazione
- Note di rilascio
- Commenti e Discussioni
consultare la pagina originale di questo documento.