[rsbac] (no subject)

Martin Tomasek rsbac@rsbac.org
Fri May 3 10:31:01 2002


--/NkBOFFp2J2Af1nK
Content-Type: multipart/mixed; boundary="qMm9M+Fa2AknHoGS"
Content-Disposition: inline


--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> ... I was wondering how it is
> possible with rsbac to stop users seeing other users
> processes, like in grsecurity.

A week ago I extracted the restricted-proc patch from Openwall (2.4ow0). It
removes the rights of "others" on /proc/$pid and fixes some minor issues.
But remember, this will not bring you any real security; it's just a weird
patch which disables ps and pstree for processes of other uids
(excluding uid 0). You can still see the pids in /proc. You can find
my patch in the attachment.

Amon, why do all /proc/$pid/fd directories have wider permissions with rsbac?
You have written in linux-2.4.18/fs/proc/base.c:
+  #ifdef CONFIG_RSBAC                                                     =
    =20
+  /* allow read, execute for group, others for administration */          =
    =20
+  E(PROC_PID_FD,       "fd",           S_IFDIR|S_IRUGO|S_IXUGO),          =
    =20
+  #else                                                                   =
    =20
   E(PROC_PID_FD,       "fd",           S_IFDIR|S_IRUSR|S_IXUSR),          =
    =20
+  #endif

--=20
Martin Tomasek, mtd@email.cz
BOFH excuse #429:
Temporal anomaly

--qMm9M+Fa2AknHoGS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="restricted_proc.diff"
Content-Transfer-Encoding: quoted-printable

diff -u fs/proc.orig/base.c fs/proc/base.c
--- fs/proc.orig/base.c	Mon Feb 25 20:38:09 2002
+++ fs/proc/base.c	Fri May  3 07:04:35 2002
@@ -669,7 +669,8 @@
 	inode->i_gid =3D 0;
 	if (ino =3D=3D PROC_PID_INO || task_dumpable(task)) {
 		inode->i_uid =3D task->euid;
-		inode->i_gid =3D task->egid;
+		if (inode->i_sb->s_root)
+			inode->i_gid =3D inode->i_sb->s_root->d_inode->i_gid;
 	}
=20
 out:
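Review bot: The new gid assignment sits inside the `task_dumpable` branch, so inodes of non-dumpable tasks keep the `i_gid = 0` set two lines above and their group bits end up granting access to gid 0 rather than to the proc root's group; if the intent is that the mount root's gid always governs group access, the assignment belongs outside that branch. The reason for taking the gid from `s_root` instead of `task->egid` also deserves a comment, e.g. `/* group follows the proc root, so the mount's gid rather than the task's egid decides who may list this directory */`. The enclosing function (proc_pid_make_inode, judging by the context) starts outside the hunk.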
@@ -978,7 +979,7 @@
=20
 	if (!inode)
 		goto out;
-	inode->i_mode =3D S_IFDIR|S_IRUGO|S_IXUGO;
+	inode->i_mode =3D S_IFDIR|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP;
 	inode->i_op =3D &proc_base_inode_operations;
 	inode->i_fop =3D &proc_base_operations;
 	inode->i_nlink =3D 3;
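Review bot: The 0550 mode on the per-pid directory only has its intended meaning together with the gid change in the first base.c hunk, and nothing here says so; a comment such as `/* 0550: others lose traversal; the group bits are meant for the gid of the proc mount root (see the gid handling in proc_pid_make_inode) */` would keep the two in step. This restricts lookups below /proc/$pid only — the pid numbers themselves stay visible in the /proc listing, as the covering mail admits. The enclosing lookup function starts outside the hunk.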
diff -u fs/proc.orig/generic.c fs/proc/generic.c
--- fs/proc.orig/generic.c	Fri Sep  7 19:53:59 2001
+++ fs/proc/generic.c	Fri May  3 07:02:54 2002
@@ -389,7 +389,9 @@
 static void proc_kill_inodes(struct proc_dir_entry *de)
 {
 	struct list_head *p;
-	struct super_block *sb =3D proc_mnt->mnt_sb;
+	struct super_block *sb =3D proc_super;
+
+	if (!sb) return;
=20
 	/*
 	 * Actually it's a partial revoke().
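Review bot: `proc_super` is used here but no declaration for it appears anywhere in the attached diff, and the same holds for `proc_mkdir_mode` called from proc_tty.c; as posted this would not compile unless the include/linux/proc_fs.h changes (an extern for `proc_super`, a prototype for `proc_mkdir_mode`, removal of the `proc_mnt` extern) were dropped from the attachment. Separately, nothing in the patch resets `proc_super` when the filesystem is unmounted, and since root.c no longer kern_mounts proc, an unmount of /proc followed by a remove_proc_entry() could hand this function a stale super_block — a `put_super` callback clearing the pointer would close that; the same concern applies to the definition added in the inode.c hunk around proc_read_super. Kernel style also puts the return on its own line: `if (!sb)` / `return;`.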
@@ -476,12 +478,12 @@
 	return ent;
 }
=20
-struct proc_dir_entry *proc_mkdir(const char *name, struct proc_dir_entry =
*parent)
+struct proc_dir_entry *proc_mkdir_mode(const char *name, mode_t mode,
+		struct proc_dir_entry *parent)
 {
 	struct proc_dir_entry *ent;
=20
-	ent =3D proc_create(&parent,name,
-			  (S_IFDIR | S_IRUGO | S_IXUGO),2);
+	ent =3D proc_create(&parent, name, S_IFDIR | mode, 2);
 	if (ent) {
 		ent->proc_fops =3D &proc_dir_operations;
 		ent->proc_iops =3D &proc_dir_inode_operations;
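Review bot: `S_IFDIR | mode` takes the caller's mode unmasked, so a caller passing a value that already carries file-type bits would corrupt the type field; masking keeps the contract explicit: `ent = proc_create(&parent, name, S_IFDIR | (mode & S_IALLUGO), 2);`. The new function is an external interface (it is called from proc_tty.c) and has no comment describing `mode`; a one-line header stating that only permission bits are expected would help. proc_mkdir_mode continues into the next hunk.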
@@ -489,6 +491,12 @@
 		proc_register(parent, ent);
 	}
 	return ent;
+}
+
+struct proc_dir_entry *proc_mkdir(const char *name,
+		struct proc_dir_entry *parent)
+{
+	return proc_mkdir_mode(name, S_IRUGO | S_IXUGO, parent);
 }
=20
 struct proc_dir_entry *create_proc_entry(const char *name, mode_t mode,
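Review bot: The `proc_mkdir` wrapper keeps the old 0555 default but does not say so; now that callers have a choice, a short comment on it, `/* Historical default: world-listable directory; use proc_mkdir_mode() to restrict. */`, makes the split between the two entry points clear. If modules are expected to call the new function, `proc_mkdir_mode` should be exported wherever `proc_mkdir` is; the export list is not part of the diff.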
diff -u fs/proc.orig/inode.c fs/proc/inode.c
--- fs/proc.orig/inode.c	Sat Nov 17 20:24:32 2001
+++ fs/proc/inode.c	Fri May  3 07:05:05 2002
@@ -4,6 +4,7 @@
  *  Copyright (C) 1991, 1992  Linus Torvalds
  */
=20
+#include <linux/config.h>
 #include <linux/sched.h>
 #include <linux/proc_fs.h>
 #include <linux/kernel.h>
@@ -73,8 +74,6 @@
 	}
 }
=20
-struct vfsmount *proc_mnt;
-
 static void proc_read_inode(struct inode * inode)
 {
 	inode->i_mtime =3D inode->i_atime =3D inode->i_ctime =3D CURRENT_TIME;
@@ -153,6 +152,8 @@
 			inode->i_mode =3D de->mode;
 			inode->i_uid =3D de->uid;
 			inode->i_gid =3D de->gid;
+			if (sb->s_root)
+				inode->i_gid =3D sb->s_root->d_inode->i_gid;
 		}
 		if (de->size)
 			inode->i_size =3D de->size;
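Review bot: The override of `inode->i_gid` with the root dentry's gid discards the per-entry `de->gid` assigned on the line just before it, so any create_proc_entry() caller that sets its own gid silently loses it; if that is intended, the now-dead assignment deserves a comment, otherwise only override entries that carry no gid of their own: `if (sb->s_root && !de->gid)`. The enclosing function (proc_get_inode, judging by the context) starts and ends outside the hunk.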
@@ -176,11 +177,15 @@
 	goto out;
 }		=09
=20
+struct super_block *proc_super =3D NULL;
+
 struct super_block *proc_read_super(struct super_block *s,void *data,=20
 				    int silent)
 {
 	struct inode * root_inode;
 	struct task_struct *p;
+
+	proc_super =3D s;
=20
 	s->s_blocksize =3D 1024;
 	s->s_blocksize_bits =3D 10;
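Review bot: `proc_super = s;` is recorded before the superblock has been set up, so if the rest of proc_read_super fails (its error paths are outside the hunk) the global keeps pointing at a superblock the VFS then discards; assigning it only just before the successful return avoids that window. If proc can be mounted more than once, each mount also overwrites the previous value, which is worth stating on the definition, e.g. `/* superblock of the most recent proc mount; read by proc_kill_inodes() */`.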
diff -u fs/proc.orig/proc_tty.c fs/proc/proc_tty.c
--- fs/proc.orig/proc_tty.c	Sat Apr 22 00:17:57 2000
+++ fs/proc/proc_tty.c	Fri May  3 07:02:54 2002
@@ -128,7 +128,7 @@
 }
=20
 /*
- * Thsi function is called by register_tty_driver() to handle
+ * This function is called by tty_register_driver() to handle
  * registering the driver's /proc handler into /proc/tty/driver/<foo>
  */
 void proc_tty_register_driver(struct tty_driver *driver)
@@ -151,7 +151,7 @@
 }
=20
 /*
- * This function is called by unregister_tty_driver()
+ * This function is called by tty_unregister_driver()
  */
 void proc_tty_unregister_driver(struct tty_driver *driver)
 {
@@ -174,7 +174,13 @@
 	if (!proc_mkdir("tty", 0))
 		return;
 	proc_tty_ldisc =3D proc_mkdir("tty/ldisc", 0);
-	proc_tty_driver =3D proc_mkdir("tty/driver", 0);
+	/*
+	 * /proc/tty/driver/serial reveals the exact character counts for
+	 * serial links which is just too easy to abuse for inferring
+	 * password lengths and inter-keystroke timings during password
+	 * entry.
+	 */
+	proc_tty_driver =3D proc_mkdir_mode("tty/driver", S_IRUSR | S_IXUSR, 0);
=20
 	create_proc_read_entry("tty/ldiscs", 0, 0, tty_ldiscs_read_proc,NULL);
 	create_proc_read_entry("tty/drivers", 0, 0, tty_drivers_read_proc,NULL);
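Review bot: `tty/driver` is created owner-only (`S_IRUSR | S_IXUSR`) while the per-pid directories in base.c are 0550 with their group mapped to the proc root's gid, so a group that is granted visibility of other users' processes through the mount gid still cannot read /proc/tty/driver; if that asymmetry is deliberate the comment above could say so, otherwise `S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP` would follow the same policy. The enclosing proc_tty_init starts outside the hunk.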
diff -u fs/proc.orig/root.c fs/proc/root.c
--- fs/proc.orig/root.c	Sun Oct 21 04:14:42 2001
+++ fs/proc/root.c	Fri May  3 07:10:01 2002
@@ -8,6 +8,7 @@
=20
 #include <asm/uaccess.h>
=20
+#include <linux/config.h>
 #include <linux/errno.h>
 #include <linux/sched.h>
 #include <linux/proc_fs.h>
@@ -30,12 +31,6 @@
 	int err =3D register_filesystem(&proc_fs_type);
 	if (err)
 		return;
-	proc_mnt =3D kern_mount(&proc_fs_type);
-	err =3D PTR_ERR(proc_mnt);
-	if (IS_ERR(proc_mnt)) {
-		unregister_filesystem(&proc_fs_type);
-		return;
-	}
 	proc_misc_init();
 	proc_net =3D proc_mkdir("net", 0);
 #ifdef CONFIG_SYSVIPC
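Review bot: Dropping the kern_mount() means proc has no superblock until user space mounts it, and the `proc_fs_type` declaration is not in the diff; if proc is still declared with FS_SINGLE, the VFS single-instance mount path relies on that kernel mount existing, so the declaration needs checking in the same change. Any remaining references to `proc_mnt` outside fs/proc would also fail to link now that inode.c no longer defines it. The enclosing proc_root_init starts outside the hunk.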

--qMm9M+Fa2AknHoGS--

--/NkBOFFp2J2Af1nK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iEYEARECAAYFAjzSSaMACgkQzWKqGie3rqqCiwCfT4Fm+nTdIBqM8ILloNKYBVh4
UxgAoIXVgzGAeu3j02BCigJH9XeOQgLh
=W2PX
-----END PGP SIGNATURE-----

--/NkBOFFp2J2Af1nK--