Process spawning should expose the ability to drop capabilities on linux #12137
Comments
There are two ways to go about this, I think: either drop individual capabilities with capset() or simply drop everything with The first option is more flexible but you need to deal with capset()'s convoluted interfaces (plural intentional) and you may have to special-case for kernels without file-based capability support.
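As an added example of the capset() route this comment mentions (not code from the issue, from Rust's std, or from the commenter): a C routine that clears the effective, permitted and inheritable sets through the raw syscall with the v3 two-word layout, plus a fork/exec demo of where a spawn implementation would call it. The struct layouts and the version constant are written out by hand to match the kernel ABI instead of relying on libcap headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Capability API v3 (kernel >= 2.6.26): each set is 64 bits passed as two
 * 32-bit words, so capget/capset take an array of two data structs. */
#define CAP_VERSION_3 0x20080522u
#define CAP_U32S_3 2
struct cap_header { uint32_t version; int pid; };             /* pid 0 = self */
struct cap_data { uint32_t effective, permitted, inheritable; };

/* Read the calling thread's sets. Returns 0 on success, -errno on failure. */
int read_caps(struct cap_data data[CAP_U32S_3]) {
    struct cap_header hdr = { CAP_VERSION_3, 0 };
    memset(data, 0, sizeof(struct cap_data) * CAP_U32S_3);
    return syscall(SYS_capget, &hdr, data) == 0 ? 0 : -errno;
}
/* Clear effective, permitted and inheritable. Reducing these sets is always
 * allowed, so this works unprivileged; the bounding set is separate
 * (prctl(PR_CAPBSET_DROP)) and is not touched here. */
int drop_all_caps(void) {
    struct cap_header hdr = { CAP_VERSION_3, 0 };
    struct cap_data data[CAP_U32S_3] = { {0, 0, 0}, {0, 0, 0} };
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -errno;
}
/* 1 when no capability remains in any of the three sets, else 0. */
int caps_are_empty(void) {
    struct cap_data data[CAP_U32S_3];
    if (read_caps(data) != 0) return 0;
    for (int i = 0; i < CAP_U32S_3; i++)
        if (data[i].effective | data[i].permitted | data[i].inheritable) return 0;
    return 1;
}
/* Spawn-time use: drop in the child between fork and exec, where a pre-exec
 * hook would run. "id" is only a harmless command to show the result. */
int main(void) {
    pid_t pid = fork();
    if (pid == 0) {
        if (drop_all_caps() != 0) _exit(127);
        execlp("id", "id", (char *)NULL);
        _exit(127);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}
```

Because capset(2) only affects the calling thread, the drop must happen in the child after fork and before exec; dropping in the parent of a multithreaded program would leave other threads' sets untouched.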
This feature should be available even outside the process spawning (i.e. post-execution).
Closing in favor of rust-lang/rfcs#941
More information can be found in this comment: #12085 (comment)
The idea is that when you attempt to drop privileges when spawning (`setuid`, `setgid`, etc) you should in theory be dropping all privileges of the previous user. We're already doing some special stuff with `setgroups`, and it sounds like capabilities should also be dropped.

cc @bnoordhuis