Originally Published: Tuesday, 30 November 1999 Author: Joseph Gooch
Published to: develop_articles/Development Articles Page: 1/1 - [Std View]


Interested in adding flavor to your distribution? This week's hack was written by Joseph Gooch, which includes an introduction to "WizMods" and an article on adding Linux Capabilities to your system.

Linux is a wonderful operating system. I don't think any other operating system is as modular or customizable as Linux is. The concept of having a core, the kernel, and then having different sets of tools to make up a distribution makes every Linux distribution different, and yet all of them are Linux. That's where it all started. I installed Linux (Slackware at the time) on my system. It doesn't matter which distribution I install, the first week after install is when the magic happens. You see, since Linux is so flexible, every maintainer has their own style, their own little quirks. Redhat has had the same command prompt for as long as I can remember, [user@host short-dir]$, and everytime I see it my skin crawls. Every install I have to change it to what I like. People can choose to use csh, bash, zsh, ash, et al. So basically I spend my first week replacing all the stuff that I hate, with all the stuff I don't, and I enjoy doing it. It's just great to have such a flexible and powerful operating system.

WizMods are my way of customizing my systems. (my irc name is ]Wizard[, my usernames are all wizard or mrwizard, you may have heard of me from one of Jim Hewlett's articles) I suppose it stands for Wiz's Modifications. They're very haphazard too in the sense that I'll see bash's prompt, cringe, recover, and then go fix it. Then I figure out what I changed, which packages were affected, and go make it permanent. Then I store my source rpms for later. I'll cover the easy mods, like the prompt, at another time.

For a while I had some features I added to my systems. One that I've stopped using was adding SHA1 support to crypt() in glibc. I~Rve dropped it because I've decided MD5 is sufficient for now, and I could better spend my time making sure people don't get my /etc/shadow file in the first place. Other features include capabilities. I thought, "Man, it would be cool if I had a system that could support capabilities!" My mind was racing. Imagine someone exploiting named, and being left with a shell that doesn't have access to set the time, let alone read my passwords or wreak havoc. I downloaded libcap from ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/ and started playing. I found that the tools in this library were broken. Execcap, a program supposed to run a specified program under a different user with lower privs, didn't work, because the kernel was in "capability mode", and the exec() calls were dropping privileges. So execcap would set everything up for the program it wanted to run, but then the kernel would strip the privileges when execcap tried to run the program anyway. The only way around it that I could see was to have the programs themselves be aware of capabilities. If exec() was never called, the privileges would never be dropped.

So, I started hacking into libcap's code. I added a function called cap_set_me_up() to libcap, which does everything that execcap does, but without running exec(). While testing this I modded getpcaps to also return the capabilities of getpcaps itself, so I could see how inheritance was working. (If you've read Jim's article that would be all the (null) entries) Granted that part is coded very badly, I just let it printf a NULL pointer. Luckily every libc I've tried it on just prints (null), if one ever crashes, it'll be my fault. But I digress, it worked for me, so I moved on. But that's all you're going to get out of me for now, as I've outlined the modifications to libcap.

Here's where to get the source rpm for libcap. If you have rpm on your system, you can just compile it using rpm --install, and then rpm -ba on the spec file. Or, you could use rpm2cpio to convert the source rpm to a cpio archive, extract the files, steal the patch I made, etc. rpm2targz exists too. Basically there are many tools that exist that will allow you to read and use this file. I'd rather not split up all my source rpms. It just makes headaches for me. :)


Happy coding, see you next time.

Address all comments, suggestions, or questions to mrwizard@linux.com. I'll try to answer all I can.

Joseph Gooch is a freelance Systems Administrator with over 6 years of experience with Windows 9x, NT, Netware, and Linux machines. He also has experience as a Network Engineer and a Programmer. He is currently attending Penn State University working on his Computer Science degree.