ttyperm and the others built in permanently? (fwd)
Marcin Bohosiewicz
marcus at venus.wis.pk.edu.pl
Thu, 15 Oct 1998, 11:42:04 CEST
I received the following from Michal. Could someone test how it works?
M.
--
-| == Marcin Bohosiewicz marcus at venus.wis.pk.edu.pl == |-
-| == tel. +48 (0-601) 48-50-97 marcus at krakow.linux.org.pl == |-
-| == Home page - http://venus.wis.pk.edu.pl/marcus/ == |-
-| == PLUG - Audit Committee - http://www.linux.org.pl/ == |-
---------- Forwarded message ----------
Date: Tue, 1 Sep 1998 19:44:25 +0200 (CEST)
From: Michal Zalewski <lcamtuf at ids.pl>
To: marcus at venus.wis.pk.edu.pl
Subject: ttyperm and the others built in permanently?
Some time ago you asked whether ttyperm could be built into the kernel
permanently rather than as a module (because of differences between platforms etc.).
So here it is - a patch for 2.0.35 - and while I was at it I also patched a
fairly serious hole in execve. It's a bit sloppy, I didn't even have
time to test it, but oh well ;-)
I also wrote to Solar; it's possible that secure-linux-5 will include
the above 'conveniences' (if he can be bothered ;-).
_______________________________________________________________________
Michal Zalewski [lcamtuf at ids.pl] [ENSI / marchew] [dione.ids.pl SYSADM]
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
To iterate is human, to recurse divine [P. Deutsch]
-------------- next part --------------
--- linux/Documentation/Configure.help.orig Mon Jul 13 22:47:25 1998
+++ linux/Documentation/Configure.help Tue Sep 1 19:22:41 1998
@@ -3309,6 +3309,29 @@
will skip detection and configuration after all.
N.B. options are case sensitive.
Read Documentation/cdrom/isp16 for details.
+
+Non-readable executables patch
+CONFIG_NOREAD_EXEC
+ Enable this option to fix Linux semantic problems on non-readable
+ executables. Linux allows unprivledged users to ptrace or dump core
+ of executable, even if it's marked as 'executable only' (user has
+ no read privledges). If you don't want this 'feature' - say 'Y' here.
+ Feedback, bug-reports: Michal Zalewski <lcamtuf w ids.pl>
+
+Secure tty allocation
+CONFIG_TTYPERM
+ Enable this option to fix Linux semantic problems on tty allocation.
+ With this experimental patch, even unprivledged program can perform
+ proper tty allocation (without it, it's still possible to allocate
+ tty, but it won't be secure due to permissions/ownership problems).
+ This patch makes programs like Midnight Commander or rxvt secure,
+ and allows you to have nonsuid screen, xterm etc. DO NOT answer 'Y'
+ here just to execute 'chmod -s' on every setuid program lying on your
+ disk. It's safe to do it with xterm, but eg. screen needs more work
+ (you have to change default screen sockets directory to something
+ more private than /tmp/screens - 'export SCREENDIR=~/tmp' in login
+ scripts should be fine). Conservative people - say 'N'.
+ Feedback, bug-reports: Michal Zalewski <lcamtuf w ids.pl>
Quota support
CONFIG_QUOTA
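Review bot: the help text for CONFIG_NOREAD_EXEC and CONFIG_TTYPERM misspells "unprivileged" three times ("unprivledged") and "privileges" ("privledges"); fix these before the entries go into Configure.help. The CONFIG_TTYPERM entry also promises that the patch "makes programs like Midnight Commander or rxvt secure" and "allows you to have nonsuid screen, xterm etc." without stating the precondition that the open.c hunk imposes: the slave chown/chmod happens only for masters opened through a path string starting with /dev/pty, and nothing in the patch hands the slave back when the session ends. Both facts belong in the help text so a reader can judge whether 'Y' is safe for their setup.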
--- linux/fs/Config.in.orig Mon Jul 13 22:47:34 1998
+++ linux/fs/Config.in Tue Sep 1 18:48:35 1998
@@ -4,6 +4,11 @@
mainmenu_option next_comment
comment 'Filesystems'
+if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+ bool 'Non-readable executables exec patch (EXPERMENTAL)' CONFIG_NOREAD_EXEC
+ bool 'Secure tty allocation (EXPERIMENTAL)' CONFIG_TTYPERM
+fi
+
bool 'Quota support' CONFIG_QUOTA
tristate 'Minix fs support' CONFIG_MINIX_FS
tristate 'Extended fs support' CONFIG_EXT_FS
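Review bot: "EXPERMENTAL" in the CONFIG_NOREAD_EXEC prompt is misspelled, while the CONFIG_TTYPERM line spells it correctly. The prompt "Non-readable executables exec patch" should also match the help entry's title "Non-readable executables patch". Both options sit under the 'Filesystems' comment, yet they change execve and tty-open semantics rather than any filesystem; a general-setup section would be a more natural home.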
--- linux/fs/exec.c.orig Mon Jul 13 22:47:34 1998
+++ linux/fs/exec.c Tue Sep 1 18:46:06 1998
@@ -659,8 +659,15 @@
int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs)
{
struct linux_binprm bprm;
- int retval;
+ int retval, acc;
int i;
+
+ #ifdef CONFIG_NOREAD_EXEC
+
+ acc=sys_access(filename,4);
+ if (acc && (current->flags & PF_PTRACED)) return -EPERM;
+
+ #endif /* CONFIG_NOREAD_EXEC */
bprm.p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
for (i=0 ; i<MAX_ARG_PAGES ; i++) /* clear page-table */
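Review bot: the check `acc=sys_access(filename,4);` / `if (acc && (current->flags & PF_PTRACED)) return -EPERM;` has three problems. First, `4` is a magic number; use R_OK. Second, sys_access() returns a negative errno for any failure, not only EACCES, so a traced process that execs a nonexistent path now gets EPERM instead of ENOENT, and the same value is reused later in do_execve to clear dumpable even when the file simply could not be looked up; test for `acc == -EACCES` rather than `acc`. Third, the access() lookup and the open of the executable that do_execve performs further down are two separate path resolutions, so the readability decision can be made on a different file than the one finally executed (a check-then-use gap); deriving readability from the inode do_execve actually opens would close it. Minor points: `acc` is declared unconditionally but only used under the ifdef, so builds without the option get an unused-variable warning, and the `#ifdef` lines are indented inside the function body, which is not the kernel's style for preprocessor directives.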
@@ -691,9 +698,14 @@
if(retval>=0)
retval = search_binary_handler(&bprm,regs);
- if(retval>=0)
+ if(retval>=0) {
/* execve success */
+ #ifdef CONFIG_NOREAD_EXEC
+ if (acc) current->dumpable=0;
+ #endif /* CONFIG_NOREAD_EXEC */
return retval;
+
+ }
/* Something went wrong, return the inode and free the argument pages*/
if(!bprm.dont_iput)
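Review bot: `if (acc) current->dumpable=0;` reuses the sys_access() result from the earlier hunk, so it also clears dumpable when that call failed for a reason other than EACCES; restrict it to the not-readable case. Clearing dumpable is the right lever (it is what both core dumping and PTRACE_ATTACH consult), but its placement after search_binary_handler() is load-bearing, because setting up the new image resets dumpable; add a one-line comment saying it must stay after that call so nobody moves it. Also drop the stray `+` blank line before the closing brace; the added braces themselves are correct now that the success path has two statements.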
--- linux/fs/open.c.orig Sat Nov 30 11:21:19 1996
+++ linux/fs/open.c Tue Sep 1 18:46:43 1998
@@ -22,6 +22,8 @@
#include <asm/segment.h>
#include <asm/bitops.h>
+#include <linux/config.h>
+
asmlinkage int sys_statfs(const char * path, struct statfs * buf)
{
struct inode * inode;
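Review bot: `#include <linux/config.h>` is required for the `#ifdef CONFIG_TTYPERM` test added below, but it belongs at the top of the include list rather than appended after <asm/bitops.h>: CONFIG_ symbols can change what the headers included before it define.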
@@ -574,7 +576,7 @@
asmlinkage int sys_open(const char * filename,int flags,int mode)
{
char * tmp;
- int fd, error;
+ int fd, error, old_fsuid, old_fs;
fd = get_unused_fd();
if (fd < 0)
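Review bot: `old_fsuid` and `old_fs` are used only inside the `#ifdef CONFIG_TTYPERM` block further down, so a kernel built without the option gets unused-variable warnings; declare them under the same ifdef. `old_fs` also stores the result of get_fs(), which is a segment value rather than an int; use the type get_fs() returns so the save/restore stays portable to the other platforms the cover mail gives as the reason for building this in.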
@@ -582,6 +584,22 @@
error = getname(filename, &tmp);
if (!error) {
error = do_open(tmp,flags,mode, fd);
+
+ #ifdef CONFIG_TTYPERM
+
+ if (!error && strncmp("/dev/pty",tmp,8)) {
+ tmp[5]='t';
+ current->fsuid!=(old_fsuid=current->fsuid);
+ old_fs=get_fs();
+ set_fs(get_ds());
+ sys_chown(tmp,current->uid,current->gid);
+ sys_chmod(tmp,0600);
+ set_fs(old_fs);
+ current->fsuid=old_fsuid;
+ }
+
+ #endif /* CONFIG_TTYPERM */
+
putname(tmp);
if (!error)
return fd;
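Review bot: the `#ifdef CONFIG_TTYPERM` block does not do what the help text describes, and as written it touches every successful open() on the system. `strncmp("/dev/pty",tmp,8)` returns zero on a match, so the condition is inverted: the block runs for every path that does not start with /dev/pty and is skipped for the pty masters it is meant to handle; it needs `!strncmp(...)`. Because of that inversion, `tmp[5]='t'` is applied to arbitrary user-supplied paths (opening /tmp/xfile makes the code try to chown and chmod /tmp/tfile), and on a path shorter than six characters it modifies bytes beyond the string's terminator. Next, `current->fsuid!=(old_fsuid=current->fsuid);` is a comparison, not an assignment; the save/restore around it shows it was meant to switch fsuid to 0 so that chown/chmod on the root-owned slave node succeed, but as written fsuid is unchanged and both calls fail with EPERM on a stock /dev, so even with the strncmp fixed the slave is never secured. Once those are corrected, three points remain. The prefix test is on the caller's spelling of the path, not on what was actually opened; with fsuid raised to 0, the robust check is whether the new fd refers to a pty master (by device number) and the slave path should be derived from that. The return values of sys_chown()/sys_chmod() are ignored, so failing to secure the slave is silent while the open still succeeds; return an error or at least log it. And there is a window between the master open and the chmod during which the slave keeps its old permissions, plus nothing restores ownership when the session ends, both of which the help text should state as known limitations.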