2013-03-12

Revisiting kernel capability usage statistics

Revisiting my earlier statistics on capability use in the Linux 3.2 kernel source, things are not getting better for CAP_SYS_ADMIN. The statistics below are for Linux 3.9-rc2. Compared with Linux 3.2, total uses of CAP_* constants in the kernel source have risen by 10.6% (1242 versus 1167), and uses of CAP_SYS_ADMIN have risen by slightly more: 11.1% (502 versus 451). That earlier article remains relevant, and digging a bit deeper, an overly broad scope seems to be a problem that afflicts not just CAP_SYS_ADMIN and CAP_NET_ADMIN but also (at least) CAP_SYS_RAWIO, as the discussion in this thread on the proposed CAP_COMPROMISE_KERNEL capability shows.

| Capability           | #uses | #files |
|----------------------|------:|-------:|
| CAP_AUDIT_CONTROL    |     2 |      2 |
| CAP_AUDIT_WRITE      |     1 |      1 |
| CAP_BLOCK_SUSPEND    |     3 |      2 |
| CAP_CHOWN            |     4 |      2 |
| CAP_DAC_OVERRIDE     |     2 |      1 |
| CAP_DAC_READ_SEARCH  |     5 |      3 |
| CAP_FOWNER           |    11 |      8 |
| CAP_FSETID           |     9 |      7 |
| CAP_IPC_LOCK         |    14 |      9 |
| CAP_IPC_OWNER        |     1 |      1 |
| CAP_KILL             |     2 |      2 |
| CAP_LEASE            |     1 |      1 |
| CAP_LINUX_IMMUTABLE  |    14 |     14 |
| CAP_MAC_ADMIN        |    28 |      5 |
| CAP_MAC_OVERRIDE     |     5 |      2 |
| CAP_MKNOD            |     3 |      3 |
| CAP_NET_ADMIN        |   399 |    188 |
| CAP_NET_BIND_SERVICE |    15 |     12 |
| CAP_NET_BROADCAST    |     0 |      0 |
| CAP_NET_RAW          |    20 |     12 |
| CAP_SETFCAP          |     3 |      2 |
| CAP_SETGID           |    11 |      6 |
| CAP_SETPCAP          |     2 |      2 |
| CAP_SETUID           |     9 |      4 |
| CAP_SYS_ADMIN        |   502 |    257 |
| CAP_SYS_BOOT         |     2 |      2 |
| CAP_SYS_CHROOT       |     2 |      2 |
| CAP_SYSLOG           |     2 |      2 |
| CAP_SYS_MODULE       |     5 |      3 |
| CAP_SYS_NICE         |    14 |      8 |
| CAP_SYS_PACCT        |     1 |      1 |
| CAP_SYS_PTRACE       |    11 |      5 |
| CAP_SYS_RAWIO        |    69 |     43 |
| CAP_SYS_RESOURCE     |    38 |     25 |
| CAP_SYS_TIME         |    19 |     11 |
| CAP_SYS_TTY_CONFIG   |    11 |      5 |
| CAP_WAKE_ALARM       |     2 |      1 |
| Total                |  1242 |    654 |
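To track this trend on a newer tree yourself, here is an added example (my own script, not the author's tooling) that counts, for each CAP_* constant, the number of occurrences and the number of distinct .c/.h files containing it, and sums both columns the way the Total row above does. The exact counting rule the author used is not stated, so this is an assumption: every whole-token CAP_* match counts, and the optional `capabilities` list lets you restrict the report to real capability names (so other CAP_-prefixed macros in the headers are ignored) and show zero-use entries.

```python
import os
import re
from collections import defaultdict

# Whole-token match for capability constants such as CAP_SYS_ADMIN.
CAP_TOKEN = re.compile(r"\bCAP_[A-Z_]+\b")

def count_cap_uses(sources, capabilities=None):
    """sources: mapping of file path -> file text.
    capabilities: optional names to report; when given, only those are
    counted (ignoring other CAP_-prefixed macros) and unused ones show
    as (0, 0), like CAP_NET_BROADCAST in the table above.
    Returns {name: (uses, files)}: occurrences and distinct files."""
    uses = defaultdict(int)
    files = defaultdict(set)
    for path, text in sources.items():
        for name in CAP_TOKEN.findall(text):
            uses[name] += 1
            files[name].add(path)
    names = capabilities if capabilities is not None else sorted(uses)
    return {n: (uses[n], len(files[n])) for n in names}

def totals(stats):
    """The 'Total' row: sums of the per-capability uses and file counts."""
    return (sum(u for u, _ in stats.values()), sum(f for _, f in stats.values()))

def scan_tree(root, capabilities=None, suffixes=(".c", ".h")):
    """Read every C source and header under root and count capability uses."""
    sources = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(suffixes):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    sources[path] = fh.read()
    return count_cap_uses(sources, capabilities)

# Constructed sample sources standing in for a kernel tree.
SAMPLE_SOURCES = {
    "fs/a.c": "if (!capable(CAP_SYS_ADMIN))\n\treturn -EPERM;\n"
              "if (!capable(CAP_SYS_ADMIN))\n\treturn -EPERM;\n",
    "net/b.c": "if (!ns_capable(net->user_ns, CAP_NET_ADMIN))\n",
    "net/c.c": "if (!capable(CAP_SYS_ADMIN) && !capable(CAP_NET_ADMIN))\n",
}
if __name__ == "__main__":
    stats = count_cap_uses(SAMPLE_SOURCES)
    for name, (u, f) in stats.items():
        print(f"{name:<22}{u:>6}{f:>8}")
    print("Total", totals(stats))   # -> (5, 4) for the sample
```

Run `scan_tree("/path/to/linux")` to get the same dictionary for a real checkout, then diff two releases to see which capabilities are growing.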