Comments on: easy example of filesystem capabilities

By: kees

kees — Tue, 06 Jul 2010 17:13:23 +0000

@Philipp: unfortunately not. There are several blockers still, not the least of which is tar itself: https://wiki.ubuntu.com/Security/FilesystemCapabilties

By: Philipp Kern

Philipp Kern — Tue, 06 Jul 2010 08:40:13 +0000

Was there progress on this?

By: kees

kees — Wed, 10 Feb 2010 07:02:40 +0000

fscaps are just extended attributes, so in theory, it could be stored by cpio/tar/etc. What I’m designing would be for dpkg and would be handled similar to normal permission bits, including something like a /var/lib/dpkg/statoverride file for local modifications, etc. I hope to have some proof-of-concept emailed to the dpkg devel mailing list soon, but we’ll see what time permits.

By: someone

someone — Wed, 10 Feb 2010 05:52:39 +0000

Can you explain how this will be supported by distributions like Debian? I assume we can’t add filesystem capabilities to the files stored inside the data.tar.gz inside the .deb?

By: kees

kees — Wed, 10 Feb 2010 04:01:29 +0000

Well, thanks! But, don’t get too excited; we’re not there in Lucid (there’s no packaging support for this in Ubuntu yet), but I’m quite interested in getting it working. At the very least, we can document all the caps that need to be set for a default install.

By: Jeff Schroeder

Jeff Schroeder — Wed, 10 Feb 2010 01:46:56 +0000

Kees, this is outstanding! I’ve envisioned[1] for sometime a mainstream distro that will eventually ship without suid root applications. Granted that was a _long_ time ago, but it was really exciting once Serge Hallyn sent the pull request for that patch.

Your work on _proactive_ vs reactive security is one of the reasons I stick with Ubuntu.

[1] https://wiki.ubuntu.com/Security/Investigation/Setuid