'ae' daemon Privilege violation of operating with least privilege

ravthan / all-eyes

Automatically exported from code.google.com/p/all-eyes

0 stars 0 forks source link

'ae' daemon Privilege violation of operating with least privilege #89

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

'ae' daemon should not run with root permission, that too while connected to a 
port listening to outside connection.
It should run in the reduced privilege mode i.e. as ae userid, which is created 
during install,
ravi.

Original issue reported on code.google.com by ravt...@gmail.com on 20 Nov 2012 at 2:06

GoogleCodeExporter commented 8 years ago

Original comment by ravt...@gmail.com on 20 Nov 2012 at 3:00

Added labels: Security
Removed labels: Priority-Medium

GoogleCodeExporter commented 8 years ago

Original comment by ravt...@gmail.com on 20 Nov 2012 at 3:50

Changed title: 'ae' daemon Privilege violation of operating with least privilege
Added labels: Priority-High

GoogleCodeExporter commented 8 years ago

I tried to limit the 'ae' daemon's capability through using capabilities calls. 
 The Precise Gangolin release has problem with this even after installing 
libcap-dev using the command "apt-get install libcap-dev" as below.  Working 
with Ubuntu forum on this,
ravi.

Original comment by ravt...@gmail.com on 21 Nov 2012 at 5:19

Added labels: Ubuntudistributionspecificproblem

GoogleCodeExporter commented 8 years ago

Stripped 'ae' daemon of all the capabilities except setuid, setgid and chroot 
using Linux capabilities,
ravi.

r985

r981

Original comment by ravt...@gmail.com on 26 Nov 2012 at 8:00

Changed state: Fixed

GoogleCodeExporter commented 8 years ago

Verified with unit testing

Original comment by tbrt....@gmail.com on 9 Dec 2012 at 9:24

Changed state: Verified