[arch-general] Policy about packages and file capabilities

Leonid Isaev leonid.isaev at jila.colorado.edu
Mon Nov 16 22:42:35 UTC 2015


On Mon, Nov 16, 2015 at 09:00:28PM +0100, Damjan Georgievski wrote:
> >> What's the policy about capabilities for executables in Arch packages?
> >
> > I _guess_ that capabilities are used to avoid SUID binaries when this is
> > secure.
> 
> well, also, unless you set capabilities on the executable a process
> can't have capabilities when a non-root process execs the executable

Sure, that's what is done with the ping(8) binary.

> >> I'm asking since in my setup I'm running wpa_supplicant as the
> >> 'nobody' user, but I let it keep the NET_ADMIN and NET_RAW
> >> capabilities (excerpt from the .service file):
> >
> > Read the caveat here: https://w1.fi/cgit/hostap/plain/wpa_supplicant/README .
> > Basically, you'll need a special user/group for executing
> > /usr/bin/wpa_supplicant.
> 
> right, I  think that too would need to be done in a proper package.
> I'd rather make it 750, and root/wpa_supplicant

Which means that the filesystem package should get modified?

> 
> > In general, why is this necessary? What kind of attack (besides DoS) is
> > possible against wpa_supplicant?
> 
> there have been buffer overflows etc. in wpa supplicant, not good for
> a root process.
> https://www.google.com/search?q=wpa_supplicant+CVE&ie=utf-8&oe=utf-8

But those CVEs are mostly denial of service... right?

-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D


More information about the arch-general mailing list