[gentoo-soc] Weekly Progress Report #1 for POSIX-Capabilities Project

[gentoo-soc] Weekly Progress Report #1 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

here is my first progress report :).

This is the abstract of my project:
This project will add a feature to Gentoo to use POSIX-Capabilities
instead of setuid/setgid, which would be a security enhancement. Gentoo
allows some security features already and Capabilities will make a
useful addition.
The user will be able to choose, if he/she wants to use Capabilities by
setting a USE-Flag or selecting an appropriate profile.

For those of you, who wonder what these capabilities are and how one
uses them, I included some interesting links at the bottom, have fun :).

I use git-hub [1] for my project and use the wiki there for some more
detailed status-reports. I also started a blog, which you can find here [2].

So, getting to the point, what did I do this week:
I started implementing the ebuild-helper (fcaps), which will be used to
set the capabilities.
So far it can do:
- set a single capability
- add =ep to add the capability to the effective and permitted set
- detect if the capability got set correctly
- set fallback permissions, if the capability couldn't be set

To see how fcaps behaves I used the net-misc/iputils ebuild. Since I
already knew which capability ping needs, I started with ping. I put the
call to fcaps in pkg_postinst(), because the capability gets lost, if
the binary is copied out of the sandbox. There are mechanisms to keep
these kinds of attributes, so if there are objections to setting
capabilities outside the sandbox, I will look into these mechanism. As
far as I know there has already been some work done by the portage team
to preserve these attributes.

Maybe you would like to know how a call to fcaps looks like at the
moment? Here it is:
fcaps uid:gid file-mode capability path/to/binary
For example:
fcaps root:root 4711 cap_net_raw /bin/ping

The uid:gid and file-mode are needed for the fallback-mechanism.

Next week I will implement the ability to set more than one capability,
test fcaps with different filesystem and kernels and find out how to
properly produce ebuild-output, so I can inform the user, if the
capabilities couldn't be set.

So that's it for now, if you have questions or suggestions, feel free to
mail me :).

Cheers,
Constanze

[1] http://github.com/constanze/GSoC2010_Gentoo_Capabilities
[2] http://coupleprogramming.eu/blog/?cat=3

Some interesting links about capabilities:
http://www.linuxjournal.com/magazine/making-root-unprivileged
http://linux.die.net/man/7/capabilities
http://www.ibm.com/developerworks/library/l-posixcap.html
http://www.friedhoff.org/posixfilecaps.html

[gentoo-soc] ventoo progress report

[Christopher Harvey]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

in case post on p.g.o isn't official enough.
http://www.basementcode.com/blog/?p=25

- -- 
My GnuPGP key at:
www.basementcode.com/public_key.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMAr+FAAoJEDqfZIFeqFH7yXgIAIM22bg2aERIXu6yw7HdcXYl
m/9AR2YPppaG97S3UjDWrfgAcE7lr6xhJQooL/C3CE32TQX+iZWGC5BASAL36zUL
UyP51bHhOR23veM4gX+0Wg0q1AthuhmJPgeXVRabG1qYTOm0l1fkLtVjJtA5zYTD
0VqYdJtkw9OvG5Z0SZnIdjZryrlDJc75v1WudLUbOhpST+Y1U6u0c07oMW+ev5AA
KFituJr2hevALMmHExovW6M1D3ZEsetZnb2GeUXFf9Ydpx8Ubx9sWRdBaHfG9DVk
hY4HFKi/VNslGS74blUIf0urTflTqF8BZhaHlfLY/vlVs6AlxdUIbFFYqqihfDs=
=3ciN
-----END PGP SIGNATURE-----

[gentoo-soc] Weekly Progress Report #2 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

here is my second progress report.
This week I had a lot of university-stuff to do, so my progress report
is a little short.

What did I do this week:
I wrote a man-page for fcaps (with docbook and xslt), which required a
bit of reading and try-and-error to get it done right :).
I changed the format of fcaps a little bit, so more than one capability
can be set.
Finally I added capabilites for ping6 and traceroute6 to the
net-misc/iputils ebuild, it is now setuid free.

Then I tested fcaps with net-misc/iputils with different file-systems:
ext2, ext3, ext4 support capabilities, if CONFIG_EXT[2,3,4]_FS_XATTR is set.
hfs/hfsplus (surprise, surprise ;)), reiserfs3 do not support capabilities.
xfs, jfs support capabilities out of the box.

My first mile-stone is due to next week, here is the corresponding
excerpt from my proposal:
May 24th to June 13th
I will implement an alpha-version of the Capability-setting script,
integrate it in portage and test it with the "net-misc/iputils"-ebuild.

So that's it for now, if you have questions, suggestions or
improvement-ideas, feel free to
mail me or add a comment :).

Cheers,
Constanze

GitHub Repo: http://github.com/constanze/GSoC2010_Gentoo_Capabilities
Blog: http://coupleprogramming.eu/blog/

[gentoo-soc] Weekly Progress Report #3 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

I posted my progress report #3 on my blog.
http://coupleprogramming.eu/blog/?p=60

Cheers,
Constanze

[gentoo-soc] Weekly Progress Report #4 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

I posted my progress report #4 on my blog.
http://coupleprogramming.eu/blog/?p=78

Cheers,
Constanze

[gentoo-soc] Weekly Progress Report #5 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

I posted my progress report #5 on my blog.
http://coupleprogramming.eu/blog/?p=92

Cheers,
Constanze

[gentoo-soc] Weekly Progress Report #6 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

I posted my progress report #6 on my blog.
http://coupleprogramming.eu/blog/?p=103

Cheers,
Constanze

[gentoo-soc] Weekly Progress Report #7 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

I posted my progress report #7 on my blog.
http://coupleprogramming.eu/blog/?p=148

Cheers,
Constanze

[gentoo-soc] Weekly Progress Report #8 for POSIX-Capabilities Project

[Constanze Hausner]

Hi everyone,

I posted my progress report #8 on my blog.
http://coupleprogramming.eu/blog/?p=171

Cheers,
Constanze