Feature #2375

open

Design and implement sensible per-thread capabilities

Added by Richard Sailer over 6 years ago. Updated over 2 years ago.

Status: New
Priority: Normal
Assignee:
Target version:
Effort: medium
Difficulty: low
Label:

Description

It would be a good security improvement if threads could only do what they need to do
(e.g. a thread that does not need to write to disk also has no capability to do so, etc.).
And Linux capabilities are a per-thread attribute (man attributes).

This would contain at least the following subtasks:

  • Define sensible capability sets for individual thread modules
  • Check out SCDropCaps() and the libcap-ng bug, which prevented this feature earlier (still there?)
  • Implement mechanics to declare and set needed capabilities per thread module
  • What to do if a thread changes its thread modules? Can this happen?

This maybe is a bigger change and lots of work, but I would like to do it,
so I flagged it low priority and TBD. Any thoughts on this?

And I should note: this would be Linux only since capabilities are a Linux feature. FreeBSD has something related called Capsicum, but the library we use (libcap-ng) is Linux only.
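The ticket rests on the fact that Linux capability sets belong to the thread, not the process, so one thread can drop what it does not need while its siblings keep theirs. The following is an added example, not Suricata code and not the SCDropCaps() implementation: it assumes a Linux host with /proc mounted and, to build without libcap-ng, calls the raw capset(2) syscall directly and reads each thread's own sets back from /proc/thread-self/status. A worker thread clears all of its capabilities; the main thread's effective set is checked to be unchanged afterwards.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Read the hex mask following `key` (e.g. "CapEff:") from the calling
 * thread's own /proc/thread-self/status. Returns UINT64_MAX if /proc is
 * unavailable or the key is missing, so callers can tell "no data" from 0. */
uint64_t read_thread_cap(const char *key)
{
    FILE *f = fopen("/proc/thread-self/status", "r");
    if (!f)
        return UINT64_MAX;
    char line[256];
    uint64_t mask = UINT64_MAX;
    size_t klen = strlen(key);
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, key, klen) == 0) {
            mask = strtoull(line + klen, NULL, 16);
            break;
        }
    }
    fclose(f);
    return mask;
}

/* Clear effective, permitted and inheritable capabilities of the CALLING
 * THREAD only. pid = 0 selects the caller; removing bits is always allowed,
 * so this works for unprivileged processes too (the sets just go from 0 to
 * 0). Raw syscall instead of libcap-ng is an assumption of this example. */
int drop_all_caps_this_thread(void)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    memset(&hdr, 0, sizeof hdr);
    hdr.version = _LINUX_CAPABILITY_VERSION_3;
    hdr.pid = 0;
    memset(data, 0, sizeof data);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* What the worker thread observed about its own capability sets. */
struct result {
    uint64_t eff_before;
    uint64_t eff_after;
    uint64_t prm_after;
    int rc;            /* return value of capset(2) */
};

static void *worker(void *arg)
{
    struct result *r = arg;
    r->eff_before = read_thread_cap("CapEff:");
    r->rc = drop_all_caps_this_thread();
    r->eff_after = read_thread_cap("CapEff:");
    r->prm_after = read_thread_cap("CapPrm:");
    return NULL;
}

/* Spawn one worker that drops its capabilities, fill *out with what it saw,
 * and return 1 if the main thread's effective set survived untouched,
 * 0 if it changed, -1 if the thread could not be created. */
int demo_per_thread_drop(struct result *out)
{
    uint64_t main_before = read_thread_cap("CapEff:");
    pthread_t t;
    if (pthread_create(&t, NULL, worker, out) != 0)
        return -1;
    pthread_join(t, NULL);
    uint64_t main_after = read_thread_cap("CapEff:");
    return main_after == main_before;
}

int main(void)
{
    struct result r;
    int main_unchanged = demo_per_thread_drop(&r);
    printf("worker CapEff before drop : %016llx\n", (unsigned long long)r.eff_before);
    printf("worker CapEff after drop  : %016llx (capset rc=%d)\n",
           (unsigned long long)r.eff_after, r.rc);
    printf("main thread CapEff kept   : %s\n", main_unchanged == 1 ? "yes" : "no");
    return main_unchanged == 1 ? 0 : 1;
}
```

Run it as root (or with any file capability set) to see the worker go from a non-zero mask to all zeros while the main thread keeps its mask; as an unprivileged user both start at zero but the per-thread property still holds. Dropping to zero is the simplest case; a per-module set as the ticket proposes would instead keep a specific subset in `data[].effective` and `data[].permitted`.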


Related issues (1 open, 0 closed)

Related to Suricata - Feature #276: Libcap support for dropping privileges (New, Community Ticket)