
Do Linux capabilities partition the possible privileged operations?

More precisely, is there any operation for which more than one capability can be used to grant a process the necessary privilege?

The short answer is yes.

I would say the overarching model is that each operation is guarded by a single capability. However, there are certainly exceptions. At a glance through the kernel/ directory, I quickly found one example. The usermodehelper sysctl handler requires both CAP_SETPCAP and CAP_SYS_MODULE capabilities in order to update its settings.

Another factor to consider: capability checks are sprinkled throughout the kernel code, including numerous drivers. A driver writer can choose to check for capabilities in whatever way they deem best, so there could well be one that requires the caller to hold multiple capabilities.

Finally, there are numerous other cases where a single operation might potentially use more than a single capability even though it fundamentally requires only one. For example, consider a system call that requires a capability as a base but also takes a pathname argument for some operation. I found as an example: the prctl system call with option PR_SET_MM and sub-option PR_SET_MM_EXE_FILE. This call requires CAP_SYS_RESOURCE foundationally. However, it also requires certain permissions to the file. If the calling user doesn't have the right credentials to access the file, that permission can be overridden if the caller has the CAP_DAC_OVERRIDE capability.
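The two patterns in the answer above, a handler that demands several capabilities at once and a call with one base capability plus an alternative that substitutes for file permission, can be modelled as checks on a process's effective capability mask. The following is an added example, not code from the original answer or from the kernel: it parses the `CapEff` line of a `/proc/<pid>/status` buffer (a constructed sample is embedded; the program also reads its own status file when run on Linux) and evaluates both patterns. The helper names `usermodehelper_sysctl_allowed` and `pr_set_mm_exe_file_allowed` are hypothetical and only mirror the conditions the answer describes; the capability numbers are the ones from `include/uapi/linux/capability.h`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability numbers, as defined in include/uapi/linux/capability.h. */
#define CAP_DAC_OVERRIDE 1
#define CAP_SETPCAP      8
#define CAP_SYS_MODULE   16
#define CAP_SYS_RESOURCE 24

#define CAP_BIT(c) (UINT64_C(1) << (c))

/* Hypothetical names for the two capability sets discussed in the answer. */
#define USERMODEHELPER_CAPS  (CAP_BIT(CAP_SETPCAP) | CAP_BIT(CAP_SYS_MODULE))
#define PR_SET_MM_BASE_CAP   CAP_BIT(CAP_SYS_RESOURCE)
#define FILE_ACCESS_OVERRIDE CAP_BIT(CAP_DAC_OVERRIDE)

/* Constructed sample of a /proc/<pid>/status excerpt for a process that
 * holds only CAP_SETPCAP (bit 8) and CAP_SYS_RESOURCE (bit 24). */
static const char SAMPLE_STATUS[] =
    "Name:\tdemo\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000001000100\n"
    "CapEff:\t0000000001000100\n"
    "CapBnd:\t000001ffffffffff\n";

/* Return the hex mask following "<field>:" in a status buffer. A missing or
 * unparsable field yields 0 and sets *found to 0 (0 is also a legitimate
 * empty set, which is why the separate found flag exists). */
uint64_t cap_mask_from_status(const char *status, const char *field, int *found)
{
    size_t flen = strlen(field);
    const char *line = status;
    if (found) *found = 0;
    while (line && *line) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *p = line + flen + 1;
            while (*p == ' ' || *p == '\t') p++;
            char *end;
            unsigned long long v = strtoull(p, &end, 16);
            if (end == p) return 0;            /* no hex digits after the colon */
            if (found) *found = 1;
            return (uint64_t)v;
        }
        line = strchr(line, '\n');            /* advance to the next line */
        if (line) line++;
    }
    return 0;
}

/* Every bit of `required` must be present in `eff`. */
int has_all_caps(uint64_t eff, uint64_t required)
{
    return (eff & required) == required;
}

/* Pattern 1: the usermodehelper sysctl handler wants two capabilities
 * simultaneously; holding either one alone is not enough. */
int usermodehelper_sysctl_allowed(uint64_t eff)
{
    return has_all_caps(eff, USERMODEHELPER_CAPS);
}

/* Pattern 2: prctl(PR_SET_MM, PR_SET_MM_EXE_FILE) needs CAP_SYS_RESOURCE as
 * its base, and then either ordinary permission on the file
 * (file_perm_ok != 0) or CAP_DAC_OVERRIDE standing in for it. */
int pr_set_mm_exe_file_allowed(uint64_t eff, int file_perm_ok)
{
    if (!has_all_caps(eff, PR_SET_MM_BASE_CAP)) return 0;
    return file_perm_ok || has_all_caps(eff, FILE_ACCESS_OVERRIDE);
}

/* Read this process's own CapEff; returns 0 if /proc is not available. */
int read_own_cap_eff(uint64_t *out)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    int found;
    *out = cap_mask_from_status(buf, "CapEff", &found);
    return found;
}

int main(void)
{
    uint64_t eff = cap_mask_from_status(SAMPLE_STATUS, "CapEff", NULL);
    printf("sample CapEff = %016llx\n", (unsigned long long)eff);
    printf("  usermodehelper sysctl write: %s\n",
           usermodehelper_sysctl_allowed(eff) ? "allowed" : "denied");
    printf("  PR_SET_MM_EXE_FILE, file perm ok: %s\n",
           pr_set_mm_exe_file_allowed(eff, 1) ? "allowed" : "denied");
    printf("  PR_SET_MM_EXE_FILE, file perm denied: %s\n",
           pr_set_mm_exe_file_allowed(eff, 0) ? "allowed" : "denied");
    uint64_t own;
    if (read_own_cap_eff(&own))
        printf("this process CapEff = %016llx\n", (unsigned long long)own);
    return 0;
}
```

Run on an unprivileged shell the program's own CapEff is normally all zeros, so both checks report denied; run with the sample mask the first check is denied because CAP_SYS_MODULE is missing, while the second succeeds only when file permission is granted some other way, which is exactly the distinction the answer draws between "requires both" and "base capability plus an alternative".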
