Message-ID: <9e0cf0bf0803231121t75eb67abu60f17f54086dd32@mail.gmail.com>
Date: Sun, 23 Mar 2008 20:21:29 +0200
From: "Alon Bar-Lev"
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] [SECURITY] Minimizing the suid usage

Hello All,

linux-2.6.24 supports file-based capabilities via:
CONFIG_SECURITY_FILE_CAPABILITIES

This enables the use of filesystem attributes in order to store a per-executable capabilities list; more information at [1].

This enables an improved security level for people who don't wish to move to SELinux or similar.

I think a new global USE flag (or use current caps) may enable ebuilds to set correct capabilities on files.

On my system at least: ping, ping6, tcpdump, wireshark, samba, ntpd, rlogin, vmware may enjoy this and drop the root suid.

In order to make it simple for everybody, a new eclass may be introduced to force a dependency on >=libcap-2 and provide some atoms.

This will provide a more secure installation for users with little effort, and less usage of the root user.

What do you think?

Alon.

[1] http://www.friedhoff.org/fscaps.html
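
As an added illustration (not part of the original message or of any Gentoo eclass): the per-executable capabilities list mentioned above is stored in the `security.capability` extended attribute, and the sketch below decodes it so an installed file can be audited. The constants follow `linux/capability.h`; the sample bytes are constructed, and the function names are hypothetical.

```python
import errno
import os
import struct

# Layout of the security.capability xattr (struct vfs_cap_data, little-endian):
#   u32 magic_etc, then N pairs of (u32 permitted, u32 inheritable).
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# Revision -> number of 32-bit pairs. Revision 3 appends a rootid, ignored here.
REVISION_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Subset of capability bit numbers from linux/capability.h.
CAP_NAMES = {10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 25: "cap_sys_time"}

def _names(mask):
    """Return capability names for every bit set in mask, lowest bit first."""
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1]

def decode_file_caps(raw):
    """Decode raw xattr bytes into effective flag and capability name lists."""
    if len(raw) < 4:
        raise ValueError("xattr too short for magic_etc")
    (magic,) = struct.unpack_from("<I", raw, 0)
    words = REVISION_WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None:
        raise ValueError("unknown capability revision")
    if len(raw) < 4 + 8 * words:
        raise ValueError("xattr truncated")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names(permitted),
            "inheritable": _names(inheritable)}

def read_file_caps(path):
    """Return decoded file capabilities for path, or None if none are set (Linux only)."""
    try:
        return decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError as exc:
        if exc.errno == errno.ENODATA:
            return None
        raise

# Constructed sample: what a revision-2 xattr granting cap_net_raw as
# permitted and effective looks like (the grant a non-suid ping would need).
SAMPLE = struct.pack("<IIIII", 0x02000000 | VFS_CAP_FLAGS_EFFECTIVE, 1 << 13, 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE))
```
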