RFC: Capabilities #185
I'm submitting a PR as a request for comments/review for capabilities (7) support.
The code drops all privileges except CAP_NET_ADMIN and CAP_NET_RAW and switches the effective user ID to a non-privileged user and group specified in the config file.
This solution is not without problems, as (obviously) an attacker could go back to UID0 and place shell scripts in /etc/cron.d/ or use similar attack vectors. To avoid this problem, a chroot environment would be required. CAP_CHROOT is not permitted anymore, so breaking out would not be a problem.
Re your earlier comment:
This will also need a switch_to_root() call then. INHERITABLE is probably also not needed in the patch above.
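Added example, not code from this PR or project: a Linux lockdown routine that keeps only CAP_NET_ADMIN and CAP_NET_RAW, empties the inheritable set (the point made about INHERITABLE above), and changes real, effective and saved uid/gid together so that no later switch_to_root() is possible; the "go back to UID 0" weakness in the description comes from changing only the effective id. It uses raw capset(2) via syscall() so it builds without libcap; the uid/gid 65534 fallback, the argv handling and the function names are assumptions standing in for the config-file lookup.

```c
/* Added example (not the PR's code): keep only CAP_NET_ADMIN and
 * CAP_NET_RAW and move to an unprivileged uid/gid with no way back to
 * uid 0.  Linux only; uses raw capset(2) so no libcap link is needed. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Bit for one capability in the low 32-bit word of a capability set. */
uint32_t cap_bit(int cap) { return cap < 32 ? 1u << cap : 0; }

/* What the service keeps: raw sockets plus interface/route configuration. */
uint32_t keep_mask(void) { return cap_bit(CAP_NET_ADMIN) | cap_bit(CAP_NET_RAW); }

/* Write permitted = effective = keep and an EMPTY inheritable set. */
static int set_caps(uint32_t keep)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];  /* v3 uses two 32-bit words */
    memset(data, 0, sizeof data);
    data[0].permitted = keep;
    data[0].effective = keep;
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -errno;
}

/* Drop to uid/gid keeping only `keep`.  Returns 0 or -errno.
 * Must run while still root (needs CAP_SETUID/CAP_SETGID/CAP_SETPCAP)
 * and before any threads are started (capset affects the calling thread). */
int lockdown_to_caps(uid_t uid, gid_t gid, uint32_t keep)
{
    if (uid == 0 || gid == 0)          /* "dropping" to root is a no-op */
        return -EINVAL;

    /* Bounding set first: anything not kept can never come back, even
     * through a setcap'd binary; this needs the CAP_SETPCAP we still have. */
    for (int c = 0; c <= CAP_LAST_CAP; c++)
        if (!(keep & cap_bit(c)) && prctl(PR_CAPBSET_DROP, c, 0, 0, 0) != 0
            && errno != EINVAL)         /* EINVAL: cap unknown to this kernel */
            return -errno;

    if (setgroups(0, NULL) != 0)        /* root's supplementary groups go too */
        return -errno;
    /* Keep the permitted set across the uid change (effective is cleared). */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -errno;
    /* As root, setgid()/setuid() change real, effective AND saved ids, so no
     * saved uid 0 is left for a later switch_to_root(); seteuid() alone
     * would leave that door open. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -errno;

    int rc = set_caps(keep);            /* shrink permitted, re-raise effective */
    prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
    return rc;
}

/* Self-check for the end of lockdown: 1 if uid 0 is unreachable, 0 if the
 * process just regained it (the drop was incomplete), -errno otherwise. */
int root_is_unreachable(void)
{
    if (setuid(0) == 0)
        return 0;
    return errno == EPERM ? 1 : -errno;
}

int main(int argc, char **argv)
{
    /* uid/gid would come from the config file; 65534 ("nobody") is a
     * placeholder used when no arguments are given. */
    uid_t uid = argc > 1 ? (uid_t)strtoul(argv[1], NULL, 10) : 65534;
    gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : 65534;

    int rc = lockdown_to_caps(uid, gid, keep_mask());
    if (rc != 0) {
        fprintf(stderr, "lockdown failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("uid=%u euid=%u, return to root: %s\n", (unsigned)getuid(),
           (unsigned)geteuid(),
           root_is_unreachable() == 1 ? "blocked" : "STILL POSSIBLE");
    return 0;
}
```

Run it as root (`sudo ./lockdown 65534 65534`) and it should report `blocked`; if it ever prints `STILL POSSIBLE`, a saved uid 0 or CAP_SETUID survived the drop. The chroot question from the description is separate: with the bounding set trimmed as above, a later exec cannot regain CAP_SYS_CHROOT or anything else outside the two kept capabilities.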