Aitor,

This is a master class, and honestly, it's beyond my skill level, but I
really appreciate you explaining it so thoroughly.

Respectfully,

Linux O'Beardly

On Fri, Sep 9, 2022 at 4:27 PM aitor <aitor_czr@???> wrote:

> Hi O'Beardly
>
> On 9/9/22 13:48, Linux O'Beardly via Dng wrote:
>
> I was "aware" of this, but I don't know that I understood it. I'm actually not sure that I understand it now, but I'm more aware of it than I was before.
>
> https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf
>
>
>
> A file with the suid permissions always execute as the user who owns the file, regardless of the user passing the command.
>
> Let's put an example in C:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> int main()
> {
> setuid(0);
> system("apt-get update");
> return 0;
> }
>
> This program will update your devuan repo. Compile the code:
>
> $ gcc suid_example.c -o suid_example
>
> Before trying to run it, you must change the ownership of the given binary because you'll need admin permissions:
>
> $ sudo chown root:root suid_example
>
> In addition, the line 'setuid(0)' in the C code requires another step to be honored:
>
> $ sudo chmod u+s suid_example
>
> You've given suid permissions to the file. Indeed:
>
> $ ls -l suid_example
> -rwsr-xr-x 1 root root 16656 sep 9 21:09 suid_example
>
> Now run the binary, and your repo will be updated:
>
> $ ./suid_example
> Des:1 http://deb.devuan.org/merged chimaera InRelease [33,5 kB]
> Des:2 http://deb.devuan.org/merged chimaera-updates InRelease [26,1 kB]
> Des:3 http://deb.devuan.org/merged chimaera-security InRelease [26,2 kB]
> .....
> .....
>
> On the other hand, the goal of the linux capabilities is to escalate permissions of the binary from the low privilege (effective uid is not 0) in a less risky way than using suid.
> Such a binary cannot do whatever it pleases, because it's limited by the capability bounding set. Further information about linux capabilities:
> https://man7.org/linux/man-pages/man7/capabilities.7.html
>
> Consider the following program:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/capability.h>
> #include <signal.h>
>
> int main(int argc, char **argv)
> {
> kill(atoi(argv[1]), SIGTERM);
> return 0;
> }
>
> In order to compile the program you need to install 'libcap-dev':
>
> $ sudo apt-get install libcap-dev
>
> Build the program:
>
> $ gcc cap_example.c -o cap_example -lcap
>
> The generated binary will terminate a concrete process, whenever the PID of the process is received as an argument in the command line.
> However, if the given process is a root process, obviously you will not be able to kill it as a mortal user.
> You'll need a concrete linux capability then, called CAP_KILL.
>
> The way to get so called capability is:
>
> $ sudo /sbin/setcap cap_kill+ep cap_example
>
>
> The additional flags (+ep) mean effective-set and permitted-set. I'm not going into details.
>
> Now open another terminal and run a root process, for the sake of example, synaptic.
>
> You can pass the pid of the running process as an argument to the compiled binary using the following pipe:
>
> $ pidof synaptic | xargs cap_example
>
> ... And the root process, i.e. synaptic, terminates.
>
> HTH,
>
> Aitor.
>
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>


--
Linux O'Beardly
@LinuxOBeardly
http://o.beard.ly
linux.obeardly@???