I want to suggest here to add Linux/(POSIX) capability support within the usual 
daemon-boot scripts.

like this:
*** /etc/init.d/skeleton        Tue Mar  3 13:04:00 1998
--- /home/ct/skeleton.lcap      Mon Jul  2 18:38:08 2001
***************
*** 14,21 ****
--- 14,23 ----
  DAEMON=/usr/sbin/daemon
  NAME=daemon
  DESC="some daemon"
+ CAPABILITIES="CAP_CHOWN CAP_KILL ...."
  
  test -f $DAEMON || exit 0
+ test -f /sbin/lcap && /sbin/lcap -z $CAPABILITIES
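Review bot: the meaning of `$CAPABILITIES` is not documented in the hunk, and `-z` beside an explicit list makes it ambiguous whether the names are capabilities to drop or to keep; a comment above `CAPABILITIES="CAP_CHOWN CAP_KILL ...."` should state which, because lcap removes the named capabilities from the kernel's bounding set rather than granting them, so a maintainer who fills the variable with "what the daemon needs" gets the opposite effect. The same comment should say that the call is not scoped to this daemon: the first init script that reaches `test -f /sbin/lcap && /sbin/lcap -z $CAPABILITIES` constrains every daemon started after it, which is the all-daemons-or-none concern raised below, and the `test -f` guard means a system without /sbin/lcap silently runs with no restriction at all.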
 
With a little effort we will gain a lot (at least some) security improvement. 
Sure it has its pros and cons, that's why I'm asking/suggesting it here.
Notable points:
        lcap needs to be installed in /sbin instead of /usr/sbin.

        It only makes sense if this is supported for all daemons (thinking that
        the system is protected while some daemons don't use it will be really
        bad; then we can keep it as it is and anyone can add lcap by himself).

        lcap is Linux-specific, while POSIX defines capabilities; I don't know
        how other kernels (HURD) implement such and which tools are available.

        If the people here agree with this idea I might need some assistance in
        filing a bug report (against wishlist/debian-policy? or against the
        lcap package? or against the daemon packages?)

cya Christian
