R: [rsbac] secure module handling

Amon Ott rsbac@rsbac.org
Tue Sep 10 17:27:01 2002

Previous message: R: [rsbac] secure module handling
Next message: [rsbac] sendmail under running non-root
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--------------Boundary-00=_01B89ENH26JEPT768IRH
Content-Type: text/plain;
  charset="iso-8859-2"
Content-Transfer-Encoding: 8bit

On Tuesday, 10. September 2002 16:23, Alberto Guglielmo wrote:
> But something weird remains. Excuse me if the mailer wraps, but I want to
> insert a couple of lines from the log, obtained in "soft mode", when the
> machine loads the ethernet modules:
> 
> Sep 10 12:20:58 dns1 kernel: rsbac_adf_request(): request WRITE, pid 74, 
ppid
> 73, prog_name modprobe, uid 0, target_type FIFO, tid Device 00:05 Inode 94
> Path pipe:/[94], attr , value 0, result NOT_GRANTED by RC
> Sep 10 12:20:58 dns1 kernel: rsbac_adf_request(): request WRITE, pid 81, 
ppid
> 80, prog_name modprobe, uid 0, target_type FIFO, tid Device 00:05 Inode 101
> Path pipe:/[101], attr , value 0, result NOT_GRANTED by RC
> 
> If I modprobe or insmod manually (I tried with the parallel port modules) I
> cannot reproduce the behaviour, all goes fine.

This looks like an unnamed pipe, which somehow did not get its device set to 
0. After rechecking the code, I found that 2.4 kernels no longer initialize 
the device of new pipe inodes to 0, but to the device of the pipefs 
superblock. Instead, unnamed pipes get a special PIPEFS_MAGIC.

The attached patch against fs/read_write.c of 2.4.19 should fix your problem. 
Please test it and tell me what happened!

Amon.
--
http://www.rsbac.org

--------------Boundary-00=_01B89ENH26JEPT768IRH
Content-Type: text/x-diff;
  charset="iso-8859-2";
  name="pipefs.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pipefs.diff"

LS0tIHJlYWRfd3JpdGUuY34JTW9uIEF1ZyAgNSAxNjowOTo1MCAyMDAyCisrKyByZWFkX3dyaXRl
LmMJVHVlIFNlcCAxMCAxNzoxNTo1OSAyMDAyCkBAIC0yMTcsNyArMjE3LDcgQEAKICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgI2VuZGlmCiAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIGlmKCAgIFNfSVNGSUZPKGZpbGUtPmZfZGVudHJ5LT5kX2lub2RlLT5pX21vZGUpCiAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC8qIG5hbWVkIEZJRk8gb25seSAq
LwotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAmJiBmaWxlLT5mX2RlbnRyeS0+
ZF9pbm9kZS0+aV9kZXYKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJiYgKGZp
bGUtPmZfZGVudHJ5LT5kX3NiLT5zX21hZ2ljICE9IFBJUEVGU19NQUdJQykKICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICApCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgewogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcnNiYWNfdGFyZ2V0ID0g
VF9GSUZPOwpAQCAtMzQ5LDcgKzM0OSw3IEBACiAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICNlbmRpZgogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiggICBTX0lTRklG
TyhmaWxlLT5mX2RlbnRyeS0+ZF9pbm9kZS0+aV9tb2RlKQogICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAvKiBuYW1lZCBGSUZPIG9ubHkgKi8KLSAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgJiYgZmlsZS0+Zl9kZW50cnktPmRfaW5vZGUtPmlfZGV2CisgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICYmIChmaWxlLT5mX2RlbnRyeS0+ZF9zYi0+
c19tYWdpYyAhPSBQSVBFRlNfTUFHSUMpCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgKQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIHJzYmFjX3RhcmdldCA9IFRfRklGTzsKQEAgLTUzMiw3ICs1
MzIsNyBAQAogICAgICAgICAgICAgICAgICNlbmRpZgogICAgICAgICAgICAgICAgIGlmKCAgIFNf
SVNGSUZPKGlub2RlLT5pX21vZGUpCiAgICAgICAgICAgICAgICAgICAgLyogbmFtZWQgRklGTyBv
bmx5ICovCi0gICAgICAgICAgICAgICAgICAgJiYgaW5vZGUtPmlfZGV2CisgICAgICAgICAgICAg
ICAgICAgJiYgKGlub2RlLT5pX3NiLT5zX21hZ2ljICE9IFBJUEVGU19NQUdJQykKICAgICAgICAg
ICAgICAgICAgICkKICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgcnNi
YWNfdGFyZ2V0ID0gVF9GSUZPOwo=

--------------Boundary-00=_01B89ENH26JEPT768IRH--

Previous message: R: [rsbac] secure module handling
Next message: [rsbac] sendmail under running non-root
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]