Restrict the privileges given to authpolicyd by CAP_SETUID
Issue description

As of https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/1055871, we have the ability to restrict CrOS system services to only switching to users that we whitelist for use. Might as well apply this to authpolicyd, similar to what was done for cros-disks in https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1296792 and shill in https://chromium-review.googlesource.com/c/chromiumos/platform2/+/1222569
Dec 1

The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/e87070cb85f2e86de54b347c667b3600b593602c

commit e87070cb85f2e86de54b347c667b3600b593602c
Author: Micah Morton <mortonm@chromium.org>
Date: Sat Dec 01 09:08:38 2018

authpolicy: add process management policy whitelist file

Install file to rootfs that was added in CL:1355511

CQ-DEPEND=CL:1355511
BUG= chromium:910316
TEST=enterprise_AuthPolicyDaemonServer.auth

Change-Id: I9218e0f9d84ea16af1a339ae50d375f585f87c50
Reviewed-on: https://chromium-review.googlesource.com/1355510
Commit-Ready: Micah Morton <mortonm@chromium.org>
Tested-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Micah Morton <mortonm@chromium.org>

[modify] https://crrev.com/e87070cb85f2e86de54b347c667b3600b593602c/chromeos-base/authpolicy/authpolicy-9999.ebuild
Dec 1

The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform2/+/70acff49d38d080d4238d50a41ed6a46b61293f7

commit 70acff49d38d080d4238d50a41ed6a46b61293f7
Author: Micah Morton <mortonm@chromium.org>
Date: Sat Dec 01 09:08:39 2018

authpolicy: whitelist 'authpolicyd-exec' user for UID change

CL:1055871 extends the chromiumos LSM to support configuring per-UID policies in CrOS that restrict which other UIDs can be switched to by processes spawned under the restricted UID. This policy also determines the UIDs to which a user can set the saved set-UID. Configure a policy to be applied to the authpolicyd user, so authpolicyd can only set its saved set-UID to the 'authpolicyd-exec' user and can't perform any other actions granted by CAP_SETUID. Check crbug.com/910316 for examples of other system services we have restricted in CrOS with this LSM functionality.

NOTE: with this change in, it would be fine to give authpolicyd full CAP_SETUID rights since the LSM will ensure that the only thing it can do with those rights is switch to the 'authpolicyd-exec' user. I haven't done that refactoring in this CL.

CQ-DEPEND=CL:1355510
BUG= chromium:910316
TEST=enterprise_AuthPolicyDaemonServer.auth

Change-Id: I56a8c5c58068c61d5925a34cb1e77e88c876ee55
Reviewed-on: https://chromium-review.googlesource.com/1355511
Commit-Ready: Micah Morton <mortonm@chromium.org>
Tested-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: Micah Morton <mortonm@chromium.org>

[add] https://crrev.com/70acff49d38d080d4238d50a41ed6a46b61293f7/authpolicy/setuid_restrictions/authpolicyd_whitelist.txt
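
The per-UID restriction described in the commit message above can be modelled in user space; this is an added example, not code from the CL, the kernel LSM or Chrome OS. It shows a restricted process being allowed to move its saved set-UID to the whitelisted user while any other CAP_SETUID use is refused. Assumptions: the `parent:child` line format, the placeholder UIDs 1001 and 1002, keying the policy on the real UID, and all function names.

```c
#include <stdio.h>
#include <sys/types.h>
#define KEEP ((uid_t)-1)                /* setresuid(): leave this ID unchanged */
struct rule { uid_t parent, child; };   /* parent may switch to child */
static const char SAMPLE_POLICY[] = "1001:1002\n"; /* constructed: authpolicyd -> authpolicyd-exec */

/* Parse "parent:child" lines (assumed format). Returns rule count, -1 if malformed. */
static int parse_policy(const char *s, struct rule *out, int max)
{
    int n = 0, used;
    unsigned p, c;
    while (*s) {
        if (*s == '\n') { s++; continue; }
        if (n == max || sscanf(s, "%u:%u%n", &p, &c, &used) != 2)
            return -1;
        s += used;
        if (*s && *s != '\n') return -1;    /* trailing junk: reject the file */
        out[n++] = (struct rule){ p, c };
    }
    return n;
}

/* May a restricted process take `want` as a new real, effective or saved UID? */
static int id_ok(const struct rule *r, int n, const uid_t cur[3], uid_t want)
{
    if (want == KEEP || want == cur[0] || want == cur[1] || want == cur[2])
        return 1;                           /* unchanged, or an ID already held */
    for (int i = 0; i < n; i++)
        if (r[i].parent == cur[0] && r[i].child == want) return 1;
    return 0;                               /* default deny */
}

/* Model setresuid(nr, ne, ns) with CAP_SETUID; 1 allowed, 0 denied, -1 bad policy (deny). */
int setresuid_verdict(const char *policy, const uid_t cur[3], uid_t nr, uid_t ne, uid_t ns)
{
    struct rule r[16];
    int n = parse_policy(policy, r, 16), restricted = 0;
    if (n < 0) return -1;
    for (int i = 0; i < n; i++)
        restricted |= (r[i].parent == cur[0]);
    if (!restricted) return 1;              /* no policy for this UID: plain CAP_SETUID */
    return id_ok(r, n, cur, nr) && id_ok(r, n, cur, ne) && id_ok(r, n, cur, ns);
}

int main(void)
{
    const uid_t cur[3] = { 1001, 1001, 1001 };
    printf("saved->1002: %d, euid->0: %d\n", setresuid_verdict(SAMPLE_POLICY, cur, KEEP, KEEP, 1002),
           setresuid_verdict(SAMPLE_POLICY, cur, KEEP, 0, KEEP));
    return 0;
}
```
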
Dec 3
Comment 1 by osh...@chromium.org, Nov 30