Security hole in 2.1.48 + the plug for it :)

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Mon, 11 Aug 1997 10:36:28 +0100 (BST)


Hi,

Over the weekend I started a little patch to actually secure immutable and
append-only files when securelevel is set (writes to block devices are
disallowed, and numerous other things denied).

I poked around the kernel sources, to check for oversights in the handling
of immutable and append-only files, and look what I found....

The patch is relative to 2.1.48. It might be worthwhile backporting it for
inclusion into 2.0.31, to accompany the "rename on top of immutable" fix.

Chris

--- namei-old.c Sun Aug 10 20:10:53 1997
+++ namei.c Sun Aug 10 20:27:54 1997
@@ -10,6 +10,7 @@

/* [Feb 1997 T. Schoebel-Theuer] Complete rewrite of the pathname
* lookup logic.
+ * [Aug 1997 C. Evans] Fix O_TRUNC on append only files security problem.
*/

#include <linux/errno.h>
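Review bot: the added header line at `+ * [Aug 1997 C. Evans] Fix O_TRUNC on append only files security problem.` records who and when but not what went wrong; since this header is the first place a later reader looks, consider naming the defect in one clause, e.g. that an open with O_TRUNC could truncate an append-only file, so the entry is useful without reading the open path below.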
@@ -579,9 +580,11 @@
}
/*
* An append-only file must be opened in append mode for writing.
- */
+ * Additionally, we must disallow O_TRUNC -- cevans
+ */
error = -EPERM;
- if (IS_APPEND(inode) && ((flag & FMODE_WRITE) && !(flag & O_APPEND)))
+ if (IS_APPEND(inode) && ((flag & O_TRUNC) ||
+ ((flag & FMODE_WRITE) && !(flag & O_APPEND))))
goto exit;

if (flag & O_TRUNC) {
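Review bot: the new condition `if (IS_APPEND(inode) && ((flag & O_TRUNC) ||` covers only append-only inodes, while the cover note says the audit looked at immutable files as well; confirm that the IS_IMMUTABLE check (outside this hunk's context) rejects O_TRUNC the same way, or fold it into this condition. The test itself is right to reject O_TRUNC without also requiring FMODE_WRITE: the truncation block that follows in the trailing context (`if (flag & O_TRUNC) {`) runs whatever the access mode, so an O_RDONLY|O_TRUNC open would otherwise still shorten the file, and placing the -EPERM exit ahead of that block means the inode is never touched. Minor: the `-- cevans` tag in the inline comment duplicates the changelog entry added in the file header and could be dropped.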