Re: [DNG] Interesting Read on Linux Permissions

2022-09-09 Thread aitor

On 9/9/22 22:27, aitor wrote:

The way to get the so-called capability is:
$ sudo /sbin/setcap cap_kill+ep cap_example


Remove the binary after the test.

Aitor.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] Interesting Read on Linux Permissions

2022-09-09 Thread aitor

Hi O'Beardly

On 9/9/22 13:48, Linux O'Beardly via Dng wrote:


I was "aware" of this, but I don't know that I understood it. I'm actually not 
sure that I understand it now, but I'm more aware of it than I was before.
https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf


 


A file with the suid permissions always executes as the user who owns the file, 
regardless of the user passing the command.

Let's put an example in C:


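#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main()
{
  /* Become root; this only succeeds once the binary is root-owned and suid. */
  if (setuid(0) != 0) {
    perror("setuid");
    return 1;
  }
  /* From here on the command runs as root. */
  system("apt-get update");
  return 0;
}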


This program will update your devuan repo. Compile the code:

$ gcc suid_example.c -o suid_example

Before trying to run it, you must change the ownership of the given binary 
because you'll need admin permissions:

$ sudo chown root:root suid_example

In addition, the line 'setuid(0)' in the C code requires another step to be 
honored:

$ sudo chmod u+s suid_example

You've given suid permissions to the file. Indeed:

$ ls -l suid_example
-rwsr-xr-x 1 root  root  16656 sep  9 21:09 suid_example

Now run the binary, and your repo will be updated:

$ ./suid_example
Des:1 http://deb.devuan.org/merged chimaera InRelease [33,5 kB]
Des:2 http://deb.devuan.org/merged chimaera-updates InRelease [26,1 kB]
Des:3 http://deb.devuan.org/merged chimaera-security InRelease [26,2 kB]
.
.

On the other hand, the goal of the linux capabilities is to escalate 
permissions of the binary from the low privilege (effective uid is not 0) in a 
less risky way than using suid.
Such a binary cannot do whatever it pleases, because it's limited by the 
capability bounding set. Further information about linux capabilities:

https://man7.org/linux/man-pages/man7/capabilities.7.html
 
Consider the following program:



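#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/capability.h>  /* provided by libcap-dev */

int main(int argc, char **argv)
{
  /* Require a positive PID: 0 or a negative value would signal a process group. */
  if (argc < 2 || atoi(argv[1]) <= 0) {
    fprintf(stderr, "usage: %s PID\n", argv[0]);
    return 1;
  }
  /* Signalling a process owned by another user needs CAP_KILL. */
  if (kill(atoi(argv[1]), SIGTERM) != 0) {
    perror("kill");
    return 1;
  }
  return 0;
}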


In order to compile the program you need to install 'libcap-dev':

$ sudo apt-get install libcap-dev

Build the program:

$ gcc cap_example.c -o cap_example -lcap

The generated binary will terminate a concrete process, whenever the PID of the 
process is received as an argument in the command line.
However, if the given process is a root process, obviously you will not be able 
to kill it as a mortal user.
You'll need a concrete linux capability then, called CAP_KILL.

The way to get the so-called capability is:

$ sudo /sbin/setcap cap_kill+ep cap_example


The additional flags (+ep) mean effective-set and permitted-set. I'm not going 
into details.

Now open another terminal and run a root process, for the sake of example, 
synaptic.

You can pass the pid of the running process as an argument to the compiled 
binary using the following pipe:

$ pidof synaptic | xargs ./cap_example

... And the root process, i.e. synaptic, terminates.

HTH,

Aitor.
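
Added example, not part of aitor's message: what the "+ep" in the setcap command above stores on the file. setcap writes a security.capability extended attribute; this C code decodes its revision 2/3 layout from a constructed 20-byte sample and checks that CAP_KILL is both permitted and effective (the struct and function names are illustrative, not from libcap).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Values from <linux/capability.h>, repeated so the example is self-contained. */
#define VFS_CAP_REVISION_MASK   0xFF000000u
#define VFS_CAP_REVISION_2      0x02000000u  /* 20-byte value */
#define VFS_CAP_REVISION_3      0x03000000u  /* 24 bytes: adds a namespace root uid */
#define VFS_CAP_FLAGS_EFFECTIVE 0x00000001u
#define CAP_KILL_NR             5            /* CAP_KILL is capability number 5 */

struct file_caps {
    uint64_t permitted;    /* "p" in +ep: per-capability bitmask */
    uint64_t inheritable;  /* "i": not set by the thread's command */
    int effective;         /* "e" in +ep: a single flag for the whole file */
};

static uint32_t le32(const unsigned char *p)  /* little-endian 32-bit read */
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a security.capability xattr value; 0 on success, -1 if malformed. */
int parse_file_caps(const unsigned char *buf, size_t len, struct file_caps *out)
{
    if (len < 4) return -1;
    uint32_t magic = le32(buf), rev = magic & VFS_CAP_REVISION_MASK;
    size_t need = rev == VFS_CAP_REVISION_2 ? 20 : rev == VFS_CAP_REVISION_3 ? 24 : 0;
    if (need == 0 || len != need) return -1;  /* unknown revision or truncated */
    out->permitted   = le32(buf + 4) | (uint64_t)le32(buf + 12) << 32;
    out->inheritable = le32(buf + 8) | (uint64_t)le32(buf + 16) << 32;
    out->effective   = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    return 0;
}

/* True only if CAP_KILL is permitted and raised automatically at exec. */
int grants_cap_kill(const struct file_caps *fc)
{
    return fc->effective && ((fc->permitted >> CAP_KILL_NR) & 1);
}

/* Constructed sample: bytes matching "cap_kill+ep" (revision 2, e flag, bit 5). */
static const unsigned char SAMPLE_CAP_KILL_EP[20] = { 0x01, 0x00, 0x00, 0x02, 0x20 };

int main(void)
{
    struct file_caps fc;
    if (parse_file_caps(SAMPLE_CAP_KILL_EP, sizeof SAMPLE_CAP_KILL_EP, &fc) != 0) return 1;
    printf("effective=%d cap_kill=%d\n", fc.effective, grants_cap_kill(&fc));
    return 0;
}
```

To compare with a real file, `getfattr -n security.capability -e hex cap_example` prints the stored bytes and `getcap cap_example` prints the decoded form.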



Re: [DNG] Interesting Read on Linux Permissions

2022-09-09 Thread o1bigtenor via Dng
On Fri, Sep 9, 2022 at 6:48 AM Linux O'Beardly via Dng wrote:
>
> I was "aware" of this, but I don't know that I understood it. I'm actually 
> not sure that I understand it now, but I'm more aware of it than I was before.
>
> https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf
>

Couple of interesting 'networking' articles too.

HTH


[DNG] Seeking professional mentor (was Re: Interesting Read on Linux Permissions)

2022-09-09 Thread jkinney23--- via Dng
On Friday, September 9, 2022, 04:48:29 a.m. PDT, Linux O'Beardly via Dng wrote:


> I was "aware" of this, but I don't know that I understood it. I'm actually
> not sure that I understand it now, but I'm more aware of it than I was before.

> https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf


I should probably clarify that I am just a lowly trained musician seeking career
advice from veteran UNIX system administrators and it's just timing that Debian
had previously been my tool to get work done. My previous system to that was
an Apple //e.

Linux trolls and hackers are much too clever for someone as simple as me. Thanks
for any help!

Kindest Regards,

Jason


Jason Kinney
Ethical Technologist & GUA
Surrey, BC, Canada
jkinney23 at yahoo.ca


[DNG] Interesting Read on Linux Permissions

2022-09-09 Thread Linux O'Beardly via Dng
I was "aware" of this, but I don't know that I understood it. I'm actually
not sure that I understand it now, but I'm more aware of it than I was
before.

https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf

-- 
Linux O'Beardly
@LinuxOBeardly
http://o.beard.ly
linux.obear...@gmail.com