
Linux 2.4: Next Generation Kernel Security

by phiber on March 2nd, 2001

One of the most obvious and significant improvements in the 2.4 kernel is the packet filtering capabilities. However, there are a number of other improvements that make Linux one of the most secure operating systems available.

As you know, the "root" user normally has complete control over all functions of a Linux box. Binding to a privileged port, loading kernel modules, and managing filesystems are examples of things that typically can only be done by root. If a regular user needed to run the "ping" command, for example, it was necessary to make it run with the privileges of the root user. The ping binary needs root privileges in order to open a raw socket (an operation managed by the kernel) to create the necessary ICMP packet for the echo request.



Another classic example is the time server, xntpd. In order to bind to the privileged ntp port, the daemon requires root privileges. If we could somehow supply the ntp daemon with root privileges only for the time it takes to manipulate the system clock as the daemon starts, then lower its privileges to those of a normal user before processing actually begins, we could significantly reduce the potential for a programming error to compromise the whole system.

Once these privileges are relinquished, they are effectively gone until the next reboot. Even another root process cannot regain them.



This is where capabilities become a critical next step in the evolution of system and kernel security. Capabilities support extends the UNIX security model and allows Linux to provide more fine-grained access to privileged system operations. It is a set of "rules" that can be assigned to processes, users, and files that even the root user must follow.

Linux 2.2 introduced basic support, but a modification by Chris Evans to the 2.4 kernel turned capabilities into a system that is largely usable and can be programmed into many of the common services, such as the ntp daemon. Chris' change involved a modification to the prctl() system call that permits a program implementing capabilities to retain its existing level of capabilities while switching from running as root to a non-root user.
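The xntpd pattern above, as an added example that is not from the original article: a daemon starts as root, asks the kernel via the PR_SET_KEEPCAPS flag of prctl(2) (the interface behind the keep-capabilities-across-setuid behaviour described) to keep its permitted set, switches to an unprivileged uid, and then uses the raw capset(2) syscall to retain nothing but CAP_NET_BIND_SERVICE. The uid/gid 65534 is a constructed "nobody" value, and the function names are my own.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Ask the kernel to keep the permitted capability set across the coming
 * setuid(). Any process may set this flag; returns it read back (1) or -1. */
int enable_keepcaps(void)
{
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    return (int)prctl(PR_GET_KEEPCAPS, 0, 0, 0, 0);
}

/* Shrink permitted and effective to CAP_NET_BIND_SERVICE only, using the
 * raw capset(2) syscall so that no libcap dependency is needed. */
int keep_only_bind_cap(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = { { 0 } };
    unsigned idx = CAP_NET_BIND_SERVICE >> 5;          /* 32-bit word index */
    unsigned bit = 1U << (CAP_NET_BIND_SERVICE & 31);  /* bit within word  */
    data[idx].permitted = bit;
    data[idx].effective = bit;
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Start as root, become uid/gid, keep one capability. setuid() from root
 * clears the effective set; KEEPCAPS preserves permitted; capset() trims it. */
int drop_root_keep_bind(uid_t uid, gid_t gid)
{
    if (enable_keepcaps() != 1)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return keep_only_bind_cap();
}

int main(void)
{
    if (drop_root_keep_bind(65534, 65534) != 0) { /* constructed "nobody" ids */
        perror("drop_root_keep_bind (must start as root)");
        return 1;
    }
    printf("uid %u, only CAP_NET_BIND_SERVICE kept\n", (unsigned)getuid());
    return 0;
}
```

After the drop the process can still bind port 123 but can no longer load modules or regain uid 0, which is the property the article describes; run it as root to see the full sequence succeed.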



Read the whole story on LinuxSecurity.com

