[systemd-devel] question about SecureBits / NoNewPrivileges

Reindl Harald h.reindl at thelounge.net
Thu Jul 25 11:17:36 PDT 2013


On 25.07.2013 20:00, Lennart Poettering wrote:
> On Sat, 20.07.13 04:06, Reindl Harald (h.reindl at thelounge.net) wrote:
> 
>> Hi
>>
>> i try to secure the Apache-Webserver (mpm-prefork) as much as possible
>>
>> am i right that with the following settings in the systemd-unit after the child-process
>> is forked with the "apache" user and the capabilities are reduced as below even a
>> potential root exploit would have no success? "SecureBits=noroot" fails i guess
>> because it even disallows the parent-process to run as root after
>> start
> 
> IIRC combining NoNewPrivileges with CAP_SETUID doesn't really make much
> sense as the latter is one way to gain new privs, but the former
> doesn't allow this

well, but httpd needs CAP_SETUID to *lower* the privileges after start
for the child-processes and needs root at startup as well as for the
master-process which opens logfiles and other filehandles not allowed
for the user "apache"

that is why my idea of the setting is "OK, once you dropped your privileges
nothing will allow you to get back root permissions"
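As an added illustration of the settings discussed in this thread (not the poster's unit and not part of the original mail), the following drop-in shows how CapabilityBoundingSet= and NoNewPrivileges= combine for a prefork httpd whose root master forks children that setuid() to "apache". The drop-in path, the unit name httpd.service and the capability list are assumptions; the thread itself does not show the poster's capability list.

```ini
# /etc/systemd/system/httpd.service.d/hardening.conf
# (assumed path and unit name; adjust for your distribution)
[Service]

# Bounding set: the ceiling for the root master and everything it forks or execs.
# Capability list is an assumption for a plain prefork setup, not taken from the thread:
#   CAP_SETUID / CAP_SETGID    - master becomes "apache" in each forked child
#   CAP_NET_BIND_SERVICE       - bind ports 80/443 as root before dropping
# Add CAP_DAC_OVERRIDE only if the logfiles are not owned by root.
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE

# Sets PR_SET_NO_NEW_PRIVS for the whole service tree: execve() can no longer add
# privileges through setuid/setgid bits or file capabilities. It does NOT take
# CAP_SETUID away from the root master (Lennart's point above); what it buys is
# that a child that has already become "apache" (its permitted/effective sets are
# cleared by that setuid()) cannot climb back by executing a setuid-root helper.
# Caveat: mod_suexec relies on exactly such a helper and will stop working.
NoNewPrivileges=yes

# Deliberately NOT set: SecureBits=noroot. With SECBIT_NOROOT, uid 0 is no longer
# granted capabilities on exec, so httpd would start as root with an empty
# capability set and could neither bind its ports nor setuid() to "apache".
# That is the startup failure described in the thread.
# SecureBits=noroot
```

After `systemctl daemon-reload` and a restart, check the master with `grep -E 'CapBnd|CapEff' /proc/<master-pid>/status` (CapBnd should list only the three assumed capabilities) and a child with the same command plus `NoNewPrivs` on kernels that report it; the child's CapEff should be all zeros. Note that the bounding set limits capabilities only: a compromised uid-0 master still has ordinary owner access to root-owned files, which is why the master should do as little as possible before forking.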
