On 20.07.2015 at 23:34, Steve Grubb wrote:
> On Monday, July 20, 2015 12:45:28 PM Andrew Lutomirski wrote:
> > On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb <sgrubb@xxxxxxxxxx> wrote:
> > > The real problem with capabilities is there is no way to say, I trust this child process with this capability, but don't let it get inherited beyond this process that I'm about to start.
> >
> > Why would you want to do that?
>
> Because you know exactly why the program needs a capability and it's not known to have children. Therefore any children must be because of an exploit. The way it is, capabilities are inherited and you can't stop it.
When you start a service like, let's say, a web server and take away capabilities for security reasons, then you want *for sure* to have them also inherited for *any* scripting language calling whatever via system().

It's expected behavior that settings for a systemd unit like capabilities or namespaces are inherited for *every* process of that service and not just for ExecStart itself, leaving children unprotected.
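The inheritance the reply relies on can be observed directly: the capability bounding set (CapBnd) of a process survives fork and exec, so a shell spawned the way system() spawns one carries the same bounding set as its parent. The script below is an added example for this thread, not code from either mail or from systemd; it assumes a Linux host with /proc mounted, drops no capabilities itself and needs no privileges, and the capability-number table is a constructed subset of <linux/capability.h>.

```python
"""Compare the capability sets of this process with those of a system()-style child."""
import os
import subprocess

# Constructed subset of the capability numbers defined in <linux/capability.h>.
CAP_NAMES = {
    0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
    3: "cap_fowner", 6: "cap_setgid", 7: "cap_setuid", 8: "cap_setpcap",
    10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw",
    19: "cap_sys_ptrace", 21: "cap_sys_admin", 24: "cap_sys_resource",
}


def parse_cap_sets(status_text):
    """Extract CapInh/CapPrm/CapEff/CapBnd/CapAmb from a /proc/<pid>/status dump as integers."""
    sets = {}
    for line in status_text.splitlines():
        if line.startswith("Cap"):
            key, _, value = line.partition(":")
            sets[key.strip()] = int(value.strip(), 16)
    return sets


def decode_mask(mask):
    """Turn a capability bitmask into capability names (cap_<n> for numbers not in the table)."""
    return [CAP_NAMES.get(bit, f"cap_{bit}") for bit in range(64) if (mask >> bit) & 1]


def child_cap_sets():
    """Spawn a shell the way system() does and read the child's own capability sets."""
    out = subprocess.run(["sh", "-c", "cat /proc/self/status"],
                         capture_output=True, text=True, check=True).stdout
    return parse_cap_sets(out)


def bounding_set_inherited():
    """True when the child's CapBnd equals the parent's; None when /proc is unavailable."""
    if not os.path.exists("/proc/self/status"):
        return None
    with open("/proc/self/status") as f:
        parent = parse_cap_sets(f.read())
    child = child_cap_sets()
    return parent["CapBnd"] == child["CapBnd"]


if __name__ == "__main__":
    with open("/proc/self/status") as f:
        print("parent CapBnd:", decode_mask(parse_cap_sets(f.read())["CapBnd"]))
    print("child  CapBnd:", decode_mask(child_cap_sets()["CapBnd"]))
    print("bounding set inherited:", bounding_set_inherited())
```

Running it inside a unit with CapabilityBoundingSet= restricted shows the same reduced CapBnd in both lines, which is the whole-service inheritance the reply describes.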
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct