Linux Capabilities: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 12: Line 12:
Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: [[Linux_Security_Concepts#Privileged_Process|privileged processes]] and [[Linux_Security_Concepts#Unprivileged_Process|unprivileged processes]]. A privileged process is a process with its effective user ID is 0, referred to as superuser or root. An unprivileged process is a process with a non-zero its effective user ID. Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process' credentials: [[Linux_Security_Concepts#Effective_User_ID|effective UID]], [[Linux_Security_Concepts#Effective_Group_ID|effective GID]] and [[Linux_Security_Concepts#Supplementary_Group_List|supplementary group list]].
Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: [[Linux_Security_Concepts#Privileged_Process|privileged processes]] and [[Linux_Security_Concepts#Unprivileged_Process|unprivileged processes]]. A privileged process is a process with its effective user ID is 0, referred to as superuser or root. An unprivileged process is a process with a non-zero its effective user ID. Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process' credentials: [[Linux_Security_Concepts#Effective_User_ID|effective UID]], [[Linux_Security_Concepts#Effective_Group_ID|effective GID]] and [[Linux_Security_Concepts#Supplementary_Group_List|supplementary group list]].


Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as '''Linux (or kernel) capabilities''', which can be independently enabled and disabled. Capabilities are a per-thread attribute.
Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as '''Linux (or kernel) capabilities''', which can be independently enabled and disabled. Instead of making a process privileged and giving it unlimited permissions, a much safer method from a security perspective is to give it access only to the kernel features it really requires. Capabilities are a per-thread attribute.




<font color=darkgray>TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Linux_Kernel_Capabilities</font>
<font color=darkgray>TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Linux_Kernel_Capabilities</font>

Revision as of 01:27, 2 March 2021

External

Internal

Overview

Traditional UNIX implementations distinguish two categories of processes for the purpose of performing permission checks: privileged processes and unprivileged processes. A privileged process is a process with its effective user ID is 0, referred to as superuser or root. An unprivileged process is a process with a non-zero its effective user ID. Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process' credentials: effective UID, effective GID and supplementary group list.

Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as Linux (or kernel) capabilities, which can be independently enabled and disabled. Instead of making a process privileged and giving it unlimited permissions, a much safer method from a security perspective is to give it access only to the kernel features it really requires. Capabilities are a per-thread attribute.


TODO reconcile https://kb.novaordis.com/index.php/Docker_Security#Linux_Kernel_Capabilities