Questions tagged [capabilities]

A capability is a set of access rights granted to a subject, often transferable. Capabilities are a method for access control.

Capabilities are tokens that represent a set of access rights given to a principal in a system. Possession of a capability indicates that the principal is authorized to make the access that the capability describes. An example of a capability is “this process may access the file F”.

A dual approach to capabilities is access control lists, where the object contains the list of principals that may access it.

23 questions
16 votes, 2 answers

Docker: when to use apparmor vs seccomp vs --cap-drop

Docker seems to support both apparmor and seccomp. Docker also allows dropping capabilities when running a container. However, I couldn't find any documentation or guideline on when to use which approach. There seems to be a significant overlap in…
JackDaniels
11 votes, 2 answers

Difference between Linux capabilities and seccomp

I know seccomp (secure computing) is a way to restrict a process from making particular system calls, while Linux capabilities provide a way to give privileges to a specific user or process. So if I want to disable a process from making raw network…
mchawre
9 votes, 5 answers

What is the practical difference between MAC and Capabilities

Both Mandatory Access Controls and Capabilities allow for fine-grained privileges to be assigned to applications irrespective of, or in place of, privileges inherited by the running user. Is there any practical difference between these two approaches? I…
Sonny Ordell
6 votes, 1 answer

What are the security implications of capabilities in Kubernetes pods?

We have a Kubernetes deployment with an application that needs to be on a VPN. We implement this requirement by running openvpn-client in a sidecar container within the pod with elevated capabilities: securityContext: capabilities: add: -…
Cera
6 votes, 2 answers

Combining capability-based access control with SAML

I have been looking into various research on identity, PKI and access control trying to boil it down to a simplified methodology for IAM (Identity & Access Management). One thing which pops up in lots of places is capability-based access control, as…
6 votes, 2 answers

What are the practical differences between SELinux targeted mode and a capability based OS?

I recently asked a question about the differences between capabilities and mandatory access controls. Among the answers I got, the point was made that systems like SELinux in targeted mode are not a typical MAC system, as the concern is not about…
Sonny Ordell
5 votes, 1 answer

Capability-based security vs protection rings: in what sense are they diametrically opposite?

From https://en.wikipedia.org/wiki/Capability-based_security Capability-based security is to be contrasted with an approach that uses hierarchical protection domains. From https://en.wikipedia.org/wiki/Protection_ring hierarchical protection…
Tim
4 votes, 1 answer

Privilege escalation writing /etc/passwd but without SUID permission on su

This is not an exercise; there might be no solution. We are producing a Docker image (based on CentOS) which is designed to be executed by a non-root user. However, this user has write access to /etc/passwd because he is in the "root" group. Here are…
rt15
4 votes, 1 answer

Why do capability-based security systems protect against the confused deputy problem?

According to Wikipedia (https://en.wikipedia.org/wiki/Confused_deputy_problem): In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect…
dippynark
4 votes, 1 answer

Security implications of using SETCAP CAP_NET_RAW

In order to get around the 'problem' of applications requiring root privileges to run, I'm using: sudo setcap CAP_NET_ADMIN+ep "$(readlink -f /usr/sbin/app)" sudo setcap CAP_NET_RAW+ep "$(readlink -f /usr/sbin/app)" to be able to use the required…
Crizly
4 votes, 1 answer

Are Linux System Capabilities Considered Mandatory Access Controls?

DAC is not mandatory because access permissions are left up to the resource owner's discretion. Mandatory Access Control (Smack, SELinux, etc) administration can only be accomplished by a process/user with CAP_MAC_ADMIN (or root). Since MAC…
Whome
3 votes, 2 answers

Do `sudo` and `su` belong to capability-based security?

In Linux, do sudo and su belong to capability-based security? For example, when editing a system file, we usually need sudo or su to temporarily switch to user root. Does this example belong to capability-based security, or to protection rings?…
Tim
2 votes, 1 answer

What is the difference between claims and capabilities in access control?

I've read about the differences between capabilities and access control lists, but to me capabilities seem similar to claims. Can anyone explain the difference, if there is one?
2 votes, 1 answer

Explanation of capabilities: CAP_NET_BIND_SERVICE

I am still studying kernel credential management (https://kernel.org/doc/html/v5.9/security/credentials.html) and I have encountered a use case I cannot explain. I am in a VM (Kali). ❯ uname -a Linux cactus-ths 5.18.0-kali5-amd64 #1 SMP…
2 votes, 1 answer

Container escape - CVE-2022-0492 - hybrid cgroups?

I saw the recent CVE-2022-0492 that can enable container escape, and I have a decent understanding of cgroups and container capabilities, but not very familiar with how hybrid cgroup v1/v2 works, nor how cgroups and capabilities work together.…
4oo4