Some patches for ppp_generic.c and proc/base.c

From: samsonov
Date: Thu May 19 2011 - 07:09:23 EST

Next message: Dave Martin: "Re: [PATCH v2] arm: Add unwinding support for division functions"
Previous message: Ralf Baechle: "Re: [PATCH v4] MIPS: HIGHMEM DMA on noncoherent MIPS32 processors"
Next in thread: Jesper Juhl: "Re: Some patches for ppp_generic.c and proc/base.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Good day!
I mean that /proc file permission for process information must be
secure:

--- ./linux-2.6.33.4.orig/fs/proc/base.c 2010-05-13 02:04:27.000000000 +0400
+++ ./linux-2.6.33.4/fs/proc/base.c 2011-05-16 15:36:29.385923198 +0400
@@ -2570,11 +2570,11 @@
static const struct inode_operations proc_task_inode_operations;

static const struct pid_entry tgid_base_stuff[] = {
- DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
- DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
- DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
+ DIR("task", S_IWUSR|S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
+ DIR("fd", S_IWUSR|S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
+ DIR("fdinfo", S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
#ifdef CONFIG_NET
- DIR("net", S_IRUGO|S_IXUGO, proc_net_inode_operations, proc_net_operations),
+ DIR("net", S_IRUGO|S_IWUSR|S_IXUGO, proc_net_inode_operations, proc_net_operations),
#endif
REG("environ", S_IRUSR, proc_environ_operations),
INF("auxv", S_IRUSR, proc_pid_auxv),
@@ -2608,7 +2608,7 @@
REG("pagemap", S_IRUSR, proc_pagemap_operations),
#endif
#ifdef CONFIG_SECURITY
- DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
+ DIR("attr", S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
#ifdef CONFIG_KALLSYMS
INF("wchan", S_IRUGO, proc_pid_wchan),
@@ -2767,7 +2767,7 @@
if (!inode)
goto out;

- inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+ inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
@@ -2909,8 +2909,8 @@
* Tasks
*/
static const struct pid_entry tid_base_stuff[] = {
- DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
- DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
+ DIR("fd", S_IRUSR|S_IWUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
+ DIR("fdinfo", S_IRUSR|S_IWUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
REG("environ", S_IRUSR, proc_environ_operations),
INF("auxv", S_IRUSR, proc_pid_auxv),
ONE("status", S_IRUGO, proc_pid_status),
@@ -2942,7 +2942,7 @@
REG("pagemap", S_IRUSR, proc_pagemap_operations),
#endif
#ifdef CONFIG_SECURITY
- DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
+ DIR("attr", S_IRUGO|S_IWUSR|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
#ifdef CONFIG_KALLSYMS
INF("wchan", S_IRUGO, proc_pid_wchan),
@@ -3008,7 +3008,7 @@

if (!inode)
goto out;
- inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
+ inode->i_mode = S_IFDIR|S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP;
inode->i_op = &proc_tid_base_inode_operations;
inode->i_fop = &proc_tid_base_operations;
inode->i_flags|=S_IMMUTABLE;

This example is for system with private system groups, with common
system group the processes dirs in proc must have permissions 600, IMHO.

In ppp driver IMHO:

--- ./linux-2.6.33.4.orig/drivers/net/ppp_generic.c 2010-05-13 02:04:27.000000000 +0400
+++ ./linux-2.6.33.4/drivers/net/ppp_generic.c 2011-05-10 13:51:11.909607463 +0400
@@ -366,8 +366,8 @@
/*
* This could (should?) be enforced by the permissions on /dev/ppp.
*/
- if (!capable(CAP_NET_ADMIN))
- return -EPERM;
+// if (!capable(CAP_NET_ADMIN))
+// return -EPERM;
return 0;
}

I mean, that change group of file must able fileowner (CAP_FOWNER), but
not the CAP_CHOWN. May be I right?

--- ./linux-2.6.33.4.orig/fs/attr.c 2010-05-13 02:04:27.000000000 +0400
+++ ./linux-2.6.33.4/fs/attr.c 2011-05-10 14:25:57.727062904 +0400
@@ -35,11 +35,10 @@

/* Make sure caller can chgrp. */
if ((ia_valid & ATTR_GID) &&
- (current_fsuid() != inode->i_uid ||
- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
- !capable(CAP_CHOWN))
+ !(in_group_p(attr->ia_gid) && is_owner_or_cap(inode)))
goto error;

+
/* Make sure a caller can chmod. */
if (ia_valid & ATTR_MODE) {
if (!is_owner_or_cap(inode))

Thanks for attention!

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Martin: "Re: [PATCH v2] arm: Add unwinding support for division functions"
Previous message: Ralf Baechle: "Re: [PATCH v4] MIPS: HIGHMEM DMA on noncoherent MIPS32 processors"
Next in thread: Jesper Juhl: "Re: Some patches for ppp_generic.c and proc/base.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]