Authentication for binaries

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Postby hightower » Tue Aug 20, 2002 8:49 am

Hi there,

as Brad wrote in the ACL Documentation:

> Administrative programs such as shutdown or reboot should require
> authentication, instead of giving everyone the capabilities to run them.

Sorry for a possibly stupid question, but how can I do this?
I understand it like this: someone logged in as root runs "reboot" and then gets "grsec Password:" ... Am I right?

Or is this completely different and has nothing to do with the ACL subsystem?

ciao, Marc
hightower
 
Posts: 49
Joined: Wed Mar 06, 2002 11:36 am

Postby spender » Wed Aug 21, 2002 9:14 am

No, what I meant was that for your ACLs, it wouldn't be wise to grant
CAP_SYS_REBOOT to /sbin/shutdown, because then the attacker logged in as
root can just execute that program, since it does what they want. What you
should do is give the capability to /sbin/shutdown, but make /sbin/shutdown
hidden to everyone. So what you do is use gradm -a to enter admin mode,
which allows you to view /sbin/shutdown, and then you run it.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
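A policy fragment that implements what Brad describes, added here as a constructed example; it is not from the thread and not grsecurity's own shipped policy. It assumes the later role/subject/object syntax of the RBAC policy file (/etc/grsec/policy) rather than the 2002-era ACL format, uses CAP_SYS_BOOT (the Linux capability that actually gates reboot(2)), and keeps the object list for /sbin/shutdown deliberately minimal.

```text
# Constructed example: grsecurity RBAC policy fragment (assumed later syntax).

# Admin role, entered with gradm after the admin password is supplied.
# 's' = special role (not bound to a uid/gid), 'A' = full administrative access.
role admin sA
subject / rvka
	/ rwcdmlxi

# Default role for everything else; 'G' allows gradm to be used from it,
# and role_transitions lists which special roles it may authenticate into.
role default G
role_transitions admin

# Default subject: read-only view of the filesystem, no capabilities at all,
# and /sbin/shutdown hidden ('h'). A root shell confined to this role cannot
# even see the binary, let alone execute it, until it authenticates.
subject /
	/			r
	/sbin/shutdown		h
	-CAP_ALL

# The capability is bound to the binary, not to whoever happens to be root.
# 'o' = do not inherit objects from the role's "/" subject above.
# Weak setting to avoid: putting +CAP_SYS_BOOT in the "/" subject instead,
# which would let any process in the role reboot the machine.
subject /sbin/shutdown o
	/			h
	/sbin/shutdown		x
	/dev/initctl		w
	# Shared libraries and any other files shutdown needs on the real
	# system (/lib, /etc, /var/run, ...) must be added here (omitted).
	-CAP_ALL
	+CAP_SYS_BOOT
```

After loading the policy, check from an unprivileged shell in the default role that /sbin/shutdown is not visible, then confirm it becomes visible and runnable only after the admin role has been entered through gradm.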
