It IT/Releases/12/Features/LowerProcessCapabilities

From FedoraProject

Revision as of 17:12, 28 January 2010 by Lewis41

Lower Process Capabilities

Summary

This feature will lower the capabilities of all root daemons and many setuid apps. File and directory permissions may be reworked to require DAC_OVERRIDE for any system update.

Owner

Current status


Detailed Description

When someone attacks a system, they normally can't do much unless they can escalate privileges. What this feature will do is reduce the number of attack targets that can be used to escalate privileges. If root processes do not have all capabilities, they will be harder to use to subvert the system.

But if someone does successfully attack a root process, can steps be taken to make the compromise hard to take advantage of? The answer is yes. Processes with the root uid can still damage a system, because they can write to nearly any file and, of course, read the /etc/shadow file. But if we harden the system so that root requires the DAC_OVERRIDE capability, then only a limited number of processes can damage the system. This won't affect any admin abilities, because admins always get full privileges, which include DAC_OVERRIDE.

A hardened system would have permissions like: 555 /bin, 555 /lib, 000 /etc/shadow, and so on. The current scope is to cover the directories in the $PATH variable, library dirs, /boot, and /root. This scheme does not affect SELinux in any way and complements it, since capabilities are DAC controls and they have first vote on allowing an access.
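To check how close a system is to the permissions described above, the following audit script (an added example, not part of the Fedora feature page or its tooling) evaluates the mode bits the way the kernel does before any capability is consulted. The function names and the specific library directory list are assumptions made for the illustration.

```python
import os
import stat

# Access kinds as permission bits within one class (owner, group or other).
READ, WRITE, EXEC = 4, 2, 1

def mode_grants(mode, owner_uid, owner_gid, want, uid=0, gids=(0,)):
    """Classic Unix DAC check with no capability bypass.

    Exactly one permission class applies: owner if the uid matches,
    else group, else other. Simplified: POSIX ACLs are ignored.
    """
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def audit(targets, uid=0, gids=(0,)):
    """targets: iterable of (path, access that should need a capability).

    Returns [(path, octal mode, ok)]; ok is True when the mode bits alone
    deny the access, so a uid-0 process must hold DAC_OVERRIDE to get it.
    """
    results = []
    for path, want in targets:
        try:
            st = os.stat(path)  # follows symlinks such as /bin -> /usr/bin
        except OSError:
            continue  # path absent on this system
        mode = stat.S_IMODE(st.st_mode)
        granted = mode_grants(mode, st.st_uid, st.st_gid, want, uid, gids)
        results.append((path, oct(mode), not granted))
    return results

def default_targets():
    # Scope named on the page: $PATH dirs, library dirs, /boot, /root and
    # /etc/shadow. The concrete library paths below are assumptions.
    dirs = [d for d in os.environ.get("PATH", "").split(os.pathsep) if d]
    dirs += ["/lib", "/lib64", "/usr/lib", "/usr/lib64", "/boot", "/root"]
    targets = [(d, WRITE) for d in dict.fromkeys(dirs)]
    targets.append(("/etc/shadow", READ))
    return targets

if __name__ == "__main__":
    for path, mode, ok in audit(default_targets()):
        print(f"{'ok  ' if ok else 'WEAK'} {mode:>6} {path}")
```

A line marked WEAK means the mode bits already grant the access to uid 0, so dropping DAC_OVERRIDE from a root daemon would not stop it from writing to that directory (or reading /etc/shadow).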

Benefit to Fedora

The benefit is that Fedora is more secure.

Other information

For:

  • Goals
  • Test Plan
  • User Experience
  • Dependencies
  • Current project
  • Documentation
  • Release Notes
  • Comments and Discussion

see the original page of this document.