libcap is a library for systems programming.
libcap.h and libcap.so
I don't know of a libselinux library. I will once again reference the
bcm2835 library that we use to facilitate our access to that big fat set
of IO pins on the Raspberry Pi!
https://www.raspberrypi.com/documentation/computers/raspberry-pi.html
Say for instance that I want to get access to raw memory that is mapped
to the gpio pins on the Raspberry Pi and I don't want it to run as root.
When we design hardware, we can actually take an area of what looks
like memory and map it into the hardware. So, rather than looking at
the memory chip, it looks at stuff the bcm2835 is managing. If you
have free time, you may want to explore the "Hierarchical Digital Design
Methodology CPE 273" at Sac State.
Examine
https://www.airspayce.com/mikem/bcm2835/ and search for
```
sudo setcap cap_sys_rawio+ep *myprogname*
```
It gives our user the capability to do rawio.
Second, examine the source for bcm2835.c. Notice how we check if we are
root or if we have the capability. I know we all love root, yet
this just isn't practical in many situations.
```
    if ( geteuid() == 0
#ifdef BCM2835_HAVE_LIBCAP
         || bcm2835_has_capability(CAP_SYS_RAWIO)
#endif
       )
    {
        /* Open the master /dev/mem device */
        if ((memfd = open("/dev/mem", O_RDWR | O_SYNC) ) < 0)
        {
            fprintf(stderr, "bcm2835_init: Unable to open /dev/mem: %s\n",
                    strerror(errno)) ;
            goto exit;
        }
[snip]
```
On Thu, Dec 07, 2023 at 02:36:07AM -0800, Gary wrote:
There is a capabilities man page which states that
capabilities have been fully implemented since the 2.6.24 kernel.
I think a filesystem that provides extended file attributes is required, but I'm not
sure if this is only the case in certain use cases and if, for example, system binaries
are compiled with capabilities awareness it doesn't matter for them.
But it would seem that they have a difference (I was going to say advantage) over
SELinux in that the configuration can be done at build time.
-Gary
On Thu, Dec 07, 2023 at 02:02:35AM -0800, Gary wrote:
I wasn't aware of this either. In seeing it,
I immediately thought of SELinux. I found this post, which states that they are different,
but from the user's point of view accomplish exactly the same thing:
https://security.stackexchange.com/questions/10816/what-are-the-practical-d…
Which makes me wonder if we need both and what the path forward is.
As an aside, the ping example given isn't fully in alignment with my Fedora system.
My version of /bin/ping is not setuid root. However it behaves as described. Also, it
has an additional capability of admin. So, the logic in section 2 for privileges must
not be correct, since the legacy setuid root bit is not set and the program is running
setuid root, apparently.
I'm still reading. Thanks for posting this.
But I seem to remember libcap as being a bad actor somehow: as in seeing it in error
messages. I just can't remember the context. I'm hazily recalling maybe version
issues.
-Gary
On Wed, Dec 06, 2023 at 01:53:28PM -0800, Brian E. Lavender wrote:
I did not know!
"Not needing root to administer Linux - the home of libcap"
https://sites.google.com/site/fullycapable/
I discovered this while investigating the source for
"C library for Broadcom BCM 2835"
http://www.airspayce.com/mikem/bcm2835/
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
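
An added example, not part of the thread and not bcm2835 or libcap code: the same "root or CAP_SYS_RAWIO" gate as the quoted `bcm2835_init` excerpt, written without libcap by reading the `CapEff` mask from `/proc/self/status`. The function names and the `EX_CAP_SYS_RAWIO` macro are hypothetical; the bit number 17 is the value `<linux/capability.h>` gives `CAP_SYS_RAWIO`.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bit number of CAP_SYS_RAWIO in <linux/capability.h> (macro name is ours). */
#define EX_CAP_SYS_RAWIO 17

/* Pull the hex CapEff mask out of /proc/<pid>/status text; 0 on success, -1 if absent. */
int parse_capeff(const char *status_text, unsigned long long *mask)
{
    for (const char *p = status_text; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *q = p + 7;
            while (*q == ' ' || *q == '\t') q++;
            if (!isxdigit((unsigned char)*q)) return -1; /* empty or malformed value */
            *mask = strtoull(q, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

int mask_has_cap(unsigned long long mask, int cap)
{
    return cap >= 0 && cap < 64 && ((mask >> cap) & 1ULL);
}

/* Same decision as the quoted gate: euid 0, or CAP_SYS_RAWIO in the effective set. */
int may_use_raw_io(unsigned int euid, unsigned long long capeff)
{
    return euid == 0 || mask_has_cap(capeff, EX_CAP_SYS_RAWIO);
}

int main(void)
{
    char buf[8192];
    unsigned long long eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    if (parse_capeff(buf, &eff) != 0) { fprintf(stderr, "no CapEff line\n"); return 2; }
    printf("euid=%u CapEff=%016llx raw I/O allowed: %s\n", (unsigned)geteuid(), eff, may_use_raw_io(geteuid(), eff) ? "yes" : "no");
    return 0;
}
```

Run as an ordinary user before and after the `setcap cap_sys_rawio+ep` step from the message above, the reported `CapEff` mask and the final answer change while the euid stays non-zero.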