By: Linus Torvalds (torvalds.delete@this.linux-foundation.org),
Room: Moderated Discussions
Jeff S. (fakity.delete@this.fake.com) on March 5, 2019 6:14 am wrote:
>
> On that note, if you're lurking out there Linus, would it be remotely realistic to hope for a
> new CAP_SYS_PAGEMAP in the mainline? (implied by CAP_SYS_ADMIN for backwards compat I guess)
We don't really end up doing new CAP_xyz capabilities; the maintenance is too painful, and nobody ends up using capabilities correctly anyway.
You're much better off having some trivial suid binary that opens up the pagemap file for you, and then drops privileges. That kind of "I'm _aware_ of my privileges" model tends to be both simpler and more secure than the "oh, I depend on this obscure privilege thing that nobody even thinks about", and that you then leak by mistake.
Linus
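The "aware of my privileges" pattern Linus describes, as an added example that is not code from this thread: a small setuid-root helper that opens /proc/self/pagemap while still root, permanently drops to the invoking user, verifies that root cannot be regained, and only then reads. Function names are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototype given explicitly so the build does not depend on feature-test macros. */
int setgroups(size_t size, const gid_t *list);

/* Step 1, still root: open the file. The CAP_SYS_ADMIN check that gates the
 * PFN bits is made against the credentials recorded at open time, so this fd
 * keeps working after the drop while nothing else in the process stays root. */
int open_pagemap_readonly(void)
{
    return open("/proc/self/pagemap", O_RDONLY | O_CLOEXEC);
}

/* Step 2, permanent drop: supplementary groups (only possible while still root),
 * then gid, then uid. As root, setgid()/setuid() set real, effective and saved ids. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || getgid() != gid || getegid() != gid) return -1;
    if (setuid(uid) != 0 || getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

/* Step 3: returns 1 only if the ids match and, unless the target is root itself,
 * re-escalation fails (it would succeed if the saved uid were still 0). */
int privileges_dropped(uid_t uid)
{
    if (getuid() != uid || geteuid() != uid) return 0;
    return uid == 0 || (setuid(0) != 0 && seteuid(0) != 0);
}

int main(void)
{
    int fd = open_pagemap_readonly();
    if (fd < 0) { perror("open /proc/self/pagemap"); return 1; }
    if (drop_privileges(getuid(), getgid()) != 0 || !privileges_dropped(getuid())) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n"); return 1;
    }
    /* Unprivileged from here on: read the pagemap entry for one of our own pages. */
    uint64_t entry;
    off_t off = (off_t)((uintptr_t)&entry / (uintptr_t)sysconf(_SC_PAGESIZE)) * sizeof entry;
    if (pread(fd, &entry, sizeof entry, off) != (ssize_t)sizeof entry) { perror("pread"); return 1; }
    printf("present=%d pfn=%#llx\n", (int)(entry >> 63), (unsigned long long)(entry & ((1ULL << 55) - 1)));
    return 0;
}
```

Run it without the setuid bit and the PFN field reads back as zero; the point of the drop is that a later bug in the reader runs with the caller's identity, not root's.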