dhcpcd-discuss

Re: Privilege separation

Stuart Henderson

Sun Jun 24 11:59:23 2018

On 2018/06/23 18:41, Neal P. Murphy wrote:
> On linux, kernel capabilities are used to allow programs to perform certain privileged actions without being root. For example, you could probably do something like:
> ----
> root# setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_RAW+eip /usr/sbin/dhcpcd
> ----
> 
> The '+eip' makes the capabilities effective, inheritable and permitted. To verify:
> ----
> root# getcap dhcpcd
> dhcpcd = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+eip
> ----
> 
> dhcpcd would then be able to perform most net-related actions even though it is running as a non-root user. Another example, giving /bin/ping cap_net_raw lets it do its thing without having to be setuid root. Also, PAM can be used to give specific users specific privileges.
> 
> Does BSD or any other 'popular' OS have anything like Linux's kernel capabilities?
> 
> (See 'man 7 capabilities'.)

There isn't a single "BSD", I don't know about others but OpenBSD
doesn't have this. But it's not just about capabilities - having a
separate address space for parts with different privilege boundaries
is an additional limit on what one part can do if subverted. (On OpenBSD
there's an additional thing that can be done, the syscalls used by each
part can be evaluated separately and "pledge" can be used to disable
unneeded ones, giving additional protection).

As the OpenBSD port maintainer for dhcpcd it's something I'd quite like
to have, but it's going to be a reasonable amount of work, especially
if it needs to be disable-able via #ifdefs..
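
The quoted setcap/getcap exchange above shows the file capabilities being set; the check a practitioner usually wants next is what the running daemon actually holds, since a process started as root keeps the full set regardless of what is on the binary. The following is an added example, not code from the thread or from dhcpcd: it decodes the CapInh/CapPrm/CapEff/CapBnd/CapAmb lines of /proc/PID/status into capability names and compares the effective set against the four capabilities named in the quoted message. The two status excerpts are constructed sample input; the capability numbering is the one from <linux/capability.h>.

```python
"""Decode the capability sets of a running process and compare them to an expected set."""
import re

# Capability numbers 0..40, in the order defined in <linux/capability.h>.
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend", "cap_audit_read", "cap_perfmon", "cap_bpf",
    "cap_checkpoint_restore",
]

# The set from the quoted setcap command.
EXPECTED = ["cap_net_admin", "cap_net_bind_service", "cap_net_broadcast", "cap_net_raw"]

# Constructed sample input: a dhcpcd started as an unprivileged user with the
# file capabilities applied (only bits 10..13 set, mask 0x3c00).
STATUS_NONROOT = """\
Name:\tdhcpcd
Uid:\t998\t998\t998\t998
CapInh:\t0000000000000000
CapPrm:\t0000000000003c00
CapEff:\t0000000000003c00
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""

# Constructed sample input: the same binary started by root, which still
# carries every capability in the bounding set.
STATUS_ROOT = """\
Name:\tdhcpcd
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""


def mask_for(names):
    """Bitmask for capability names as printed by getcap (case-insensitive)."""
    mask = 0
    for name in names:
        mask |= 1 << CAP_NAMES.index(name.lower())
    return mask


def names_for(mask):
    """Capability names for each set bit, lowest number first."""
    out = []
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            out.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "cap_%d" % bit)
        bit += 1
    return out


def parse_status(text):
    """Extract the five Cap* lines of /proc/PID/status as integers."""
    sets = {}
    for m in re.finditer(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", text, re.M):
        sets[m.group(1)] = int(m.group(2), 16)
    return sets


def check_effective(status_text, expected):
    """Return (ok, unexpected, missing) for the effective set versus the expected names."""
    eff = parse_status(status_text)["CapEff"]
    want = mask_for(expected)
    unexpected = names_for(eff & ~want)
    missing = names_for(want & ~eff)
    return (not unexpected and not missing, unexpected, missing)


def check_pid(pid, expected=EXPECTED):
    """Run the check against a live process on Linux."""
    with open("/proc/%d/status" % pid) as f:
        return check_effective(f.read(), expected)


if __name__ == "__main__":
    for label, text in (("non-root start", STATUS_NONROOT), ("root start", STATUS_ROOT)):
        ok, unexpected, missing = check_effective(text, EXPECTED)
        print(label, "ok" if ok else "MISMATCH", "extra:", unexpected, "missing:", missing)
```

Run against a real daemon with `check_pid(pid)`; a non-empty "unexpected" list means the process has more than the file capabilities granted, which is what you see when the service manager starts it as root instead of as the intended unprivileged user.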


Follow-Ups:
  Re: Privilege separation - Roy Marples
References:
  Privilege separation - lists+dhcpcd
  Re: Privilege separation - Roy Marples
  Re: Privilege separation - Neal P. Murphy