Process spawning should expose the ability to drop capabilities on linux #12137
Comments
|
There are two ways to go about this, I think: either drop individual capabilities with capset() or simply drop everything with The first option is more flexible but you need to deal with capset()'s convoluted interfaces (plural intentional) and you may have to special-case for kernels without file-based capability support. |
|
This feature should be available even outside the process spawning (i.e. post-execution). |
|
Closing in favor of rust-lang/rfcs#941 |
7 tasks
bors
added a commit
to rust-lang-ci/rust
that referenced
this issue
Jul 25, 2022
…eykril feat: Lower values of char and byte literals Closes rust-lang#12137
flip1995
pushed a commit
to flip1995/rust
that referenced
this issue
Jan 25, 2024
…rsion-false-positive, r=llogiq Fix false positive in `PartialEq` check in `unconditional_recursion` lint Fixes rust-lang/rust-clippy#12133. We needed to check for the type of the previous element <del>in case it's a field</del>. EDIT: After some extra thoughts, no need to check if it's a field, just if it's the same type as `Self`. r? `@llogiq` changelog: Fix false positive in `PartialEq` check in `unconditional_recursion` lint
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
More information can be found in this comment: #12085 (comment)
The idea is that when you attempt to drop privileges when spawning (
setuid,setgidetc) you should in theory be dropping all privileges of the previous user. We're already doing some special stuff withsetgroups, and it sounds like capabilities should also be dropped.cc @bnoordhuis
The text was updated successfully, but these errors were encountered: