POSIX file capabilities, the dark side

30 May 2010, 15:20, by Emeric Nasi


Note: To understand this document, it is strongly recommended that you already know about POSIX capabilities. If not, read http://www.friedhoff.org/posixfilecaps.htm
The author also assumes the reader has a good grounding in GNU Linux and security.
License : Copyright Emeric Nasi, some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.

Introduction

Since Linux kernel 2.6.25, capabilities processing has been made easier. With the advent of file capabilities combined with the libcap2-bin tools (capsh, getpcaps, getcap, setcap), one can now reduce the exposure of the superuser's almighty power to hackers.
Some of the major Linux distributions, such as Fedora, are starting to use capabilities and have the libcap2-bin tools enabled by default.
These tools can be used to improve security in the following ways:

  • Turn a setuid-root file into a file with minimum privileges
  • Run a service/daemon with uid other than 0 and minimum privileges
  • Run a service/daemon with uid=0 but with the minimum superuser privileges
  • Configure files so they can be accessed only by an admin or a process with the right privileges, and cannot be accessed by anyone else, not even an unprivileged root.
  • Configure a file so that it does not have to be run by root to work properly.

However, one must not be fooled by all this. Capabilities have some drawbacks.
I will first explain why capabilities can be dangerous.
Then I will show ways to circumvent capabilities and still hack the system.
After that, we will see how capabilities can be exploited by an attacker and thus generate more vulnerabilities.

Note: Capabilities imply that superuser is not necessarily synonymous with root (uid=0). You can run a process as root that has no capabilities at all, and vice versa. That is why, when talking about the superuser, I will use the term « superuser » rather than « root ».
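
To make the note above concrete, here is an added example (not part of the original article) that reads the effective uid and the CapEff mask from /proc/<pid>/status text and reports whether a process is root, holds capabilities, both or neither. The two status excerpts and the classification labels are constructed for illustration.

```python
# Added example. The status excerpts below are constructed, not captured.
# Capability names in kernel bit order (bit 0 = cap_chown ... bit 31 = cap_setfcap).
CAPS = ("chown dac_override dac_read_search fowner fsetid kill setgid setuid "
        "setpcap linux_immutable net_bind_service net_broadcast net_admin "
        "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
        "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
        "sys_tty_config mknod lease audit_write audit_control setfcap").split()

def parse_status(text):
    """Return (effective uid, effective capability mask) from status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    euid = int(fields["Uid"][1])            # Uid: real, effective, saved, fs
    cap_eff = int(fields["CapEff"][0], 16)  # hexadecimal bitmask
    return euid, cap_eff

def cap_names(mask):
    """Decode a capability bitmask; bits beyond the table are kept by number."""
    return [f"cap_{CAPS[b]}" if b < len(CAPS) else f"cap_{b}"
            for b in range(mask.bit_length()) if mask >> b & 1]

def classify(text):
    """Label a process by uid and capabilities (labels are hypothetical)."""
    euid, mask = parse_status(text)
    names = cap_names(mask)
    who = "root" if euid == 0 else "non-root"
    power = "holds capabilities" if names else "no capabilities"
    return f"{who}, {power}", names

# Constructed sample: a uid 0 process whose capability sets were emptied.
ROOT_NO_CAPS = ("Name:\tdaemon\nUid:\t0\t0\t0\t0\n"
                "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")
# Constructed sample: an ordinary user running a binary granted cap_net_raw.
USER_NET_RAW = ("Name:\tping\nUid:\t1000\t1000\t1000\t1000\n"
                "CapPrm:\t0000000000002000\nCapEff:\t0000000000002000\n")

if __name__ == "__main__":
    for sample in (ROOT_NO_CAPS, USER_NET_RAW):
        print(classify(sample))
```

On a live host, passing the contents of each /proc/<pid>/status file to classify() gives the same view for running processes, which is useful when auditing which non-root processes carry superuser privileges.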

This article has 12 pages. If you wish to read it, download it here:

PDF - 93.8 kb
exploiting_capabilities_the_dark_side.pdf
