Useless(?) security patch against 2.1.86

David Woodhouse (Dave@imladris.demon.co.uk)
Wed, 11 Feb 1998 02:30:42 +0000

This is a multipart MIME message.

--==_Exmh_15000178470
Content-Type: text/plain; charset=us-ascii

Well, I was bored, so...

There follows a patch which will make your kernel complain if root executes a
binary which is owned by an untrusted user or group.

For the purposes of this patch, "untrusted" means having a [ug]id greater than
a user-provided cutoff point.

The maximum uid/gid permitted is in /proc/sys/fs/max_rootexec_[ug]id, and it
defaults to -1, which allows root to execute anything - as normal.

The patch will just make the kernel complain about it, but if you change the
"#if 0" in exec.c to "#if 1" it'll refuse to execute as well.

--==_Exmh_15000178470
Content-Type: text/plain; name="rootexec-patch-2.1.85"; charset=us-ascii
Content-Description: rootexec-patch-2.1.85
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="rootexec-patch-2.1.85"

LS0tIGxpbnV4L2ZzL2V4ZWMuYy5wcmVzZWMJV2VkIEZlYiAxMSAwMTowODowMiAxOTk4Cisr
KyBsaW51eC9mcy9leGVjLmMJV2VkIEZlYiAxMSAwMTo1MDoxOCAxOTk4CkBAIC02Niw2ICs2
NiwxMCBAQAogCiBzdGF0aWMgc3RydWN0IGxpbnV4X2JpbmZtdCAqZm9ybWF0cyA9IChzdHJ1
Y3QgbGludXhfYmluZm10ICopIE5VTEw7CiAKK2V4dGVybiB1bnNpZ25lZCBtYXhfcm9vdGV4
ZWNfdWlkOworZXh0ZXJuIHVuc2lnbmVkIG1heF9yb290ZXhlY19naWQ7CisKKwogX19pbml0
ZnVuYyh2b2lkIGJpbmZtdF9zZXR1cCh2b2lkKSkKIHsKICNpZmRlZiBDT05GSUdfQklORk1U
X01JU0MKQEAgLTYwMSw2ICs2MDUsMzQgQEAKIAkJaWYgKCFpbl9ncm91cF9wKGJwcm0tPmVf
Z2lkKSkKIAkJCWlkX2NoYW5nZSA9IDE7CiAJfQorCisgICAgICAgIC8qIElmIHdlJ3JlIHRo
ZSBzdXBlci11c2VyLCBjaGVjayB0aGF0IHJhbmRvbSB1c2VycyBkb24ndCBoYXZlIGFjY2Vz
cworICAgICAgICAgKiB0byB3cml0ZSB0byB0aGUgYmluYXJ5IHdlJ3JlIGFib3V0IHRvIGV4
ZWN1dGUuCisgICAgICAgICAqCisgICAgICAgICAqIFllcywgd2UgZG8gbWVhbiB0byB1c2Ug
Y3VycmVudC0+ZXVpZCwgbm90IHN1c2VyKCkuIFdlIGRvbid0IF9VU0VfCisgICAgICAgICAq
IHN1c2VyIHByaXZzIGhlcmUsIGp1c3QgY2hlY2sgZXh0cmEgc3R1ZmYgaWYgd2UgYXJlIGFs
cmVhZHkgc3VzZXIuCisgICAgICAgICAqLworI2lmIDAKKyNkZWZpbmUgQkFEUEVSTVMoKSBy
ZXR1cm4oLUVQRVJNKQorI2Vsc2UKKyNkZWZpbmUgQkFEUEVSTVMoKQorI2VuZGlmCisgICAg
ICAgIAorICAgICAgICBpZiAoIWN1cnJlbnQtPmV1aWQpIHsKKyAgICAgICAgICAgICAgICBp
ZiAobW9kZSAmIFNfSVdPVEgpIHsKKyAgICAgICAgICAgICAgICAgICAgICAgIHByaW50ayhL
RVJOX0lORk8gInJvb3QgZXhlY3V0ZXMgYmluYXJ5ICVzLCB3cml0YWJsZSBieSBhbnlvbmUh
XG4iLCBicHJtLT5maWxlbmFtZSk7CisgICAgICAgICAgICAgICAgICAgICAgICBCQURQRVJN
UygpOworICAgICAgICAgICAgICAgIH0KKyAgICAgICAgICAgICAgICBlbHNlIGlmIChpbm9k
ZS0+aV91aWQgPiBtYXhfcm9vdGV4ZWNfdWlkKSB7CisgICAgICAgICAgICAgICAgICAgICAg
ICBwcmludGsoS0VSTl9JTkZPICJyb290IGV4ZWN1dGVzIGJpbmFyeSAlcywgb3duZWQgYnkg
dWlkICVkXG4iLGJwcm0tPmZpbGVuYW1lLCBpbm9kZS0+aV91aWQpOworICAgICAgICAgICAg
ICAgICAgICAgICAgQkFEUEVSTVMoKTsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAg
ICAgICAgZWxzZSBpZiAoaW5vZGUtPmlfZ2lkID4gbWF4X3Jvb3RleGVjX2dpZCkgeworICAg
ICAgICAgICAgICAgICAgICAgICAgcHJpbnRrKEtFUk5fSU5GTyAicm9vdCBleGVjdXRlcyBi
aW5hcnkgJXMsIG93bmVkIGJ5IGdpZCAlZFxuIixicHJtLT5maWxlbmFtZSwgaW5vZGUtPmlf
Z2lkKTsKKyAgICAgICAgICAgICAgICAgICAgICAgIEJBRFBFUk1TKCk7CisgICAgICAgICAg
ICAgICAgfQorICAgICAgICB9CisjdW5kZWYgQkFEUEVSTVMoKQogCiAJaWYgKGlkX2NoYW5n
ZSkgewogCQkvKiBXZSBjYW4ndCBzdWlkLWV4ZWN1dGUgaWYgd2UncmUgc2hhcmluZyBwYXJ0
cyBvZiB0aGUgZXhlY3V0YWJsZSAqLwotLS0gbGludXgva2VybmVsL3N5c2N0bC5jLnByZXNl
YwlXZWQgRmViIDExIDAwOjMxOjA5IDE5OTgKKysrIGxpbnV4L2tlcm5lbC9zeXNjdGwuYwlX
ZWQgRmViIDExIDAxOjA3OjQxIDE5OTgKQEAgLTQxLDYgKzQxLDggQEAKIGV4dGVybiBpbnQg
YmRmX3BybVtdLCBiZGZsdXNoX21pbltdLCBiZGZsdXNoX21heFtdOwogZXh0ZXJuIGNoYXIg
YmluZm10X2phdmFfaW50ZXJwcmV0ZXJbXSwgYmluZm10X2phdmFfYXBwbGV0dmlld2VyW107
CiBleHRlcm4gaW50IHN5c2N0bF9vdmVyY29tbWl0X21lbW9yeTsKK3Vuc2lnbmVkIG1heF9y
b290ZXhlY191aWQ9LTE7IC8qIFRoZXNlIHNob3VsZCBiZSBbdWddaWRfdCwgYnV0IHRoZSBw
cm9jICovIAordW5zaWduZWQgbWF4X3Jvb3RleGVjX2dpZD0tMTsgIC8qIHJvdXRpbmVzIG5l
ZWQgc2l6ZSA+PSBzaXplb2YoaW50KSAgIERXICovCiAKICNpZmRlZiBfX3NwYXJjX18KIGV4
dGVybiBjaGFyIHJlYm9vdF9jb21tYW5kIFtdOwpAQCAtMTk3LDYgKzE5OSwxMCBAQAogfTsK
IAogc3RhdGljIGN0bF90YWJsZSBmc190YWJsZVtdID0geworICAgICAgICB7RlNfTUFYX1JP
T1RFWEVDX1VJRCwgIm1heF9yb290ZXhlY191aWQiLCAmbWF4X3Jvb3RleGVjX3VpZCwKKyAg
ICAgICAgIHNpemVvZihpbnQpLCAwNjQ0LCBOVUxMLCAmcHJvY19kb2ludHZlY30sCisgICAg
ICAgIHtGU19NQVhfUk9PVEVYRUNfR0lELCAibWF4X3Jvb3RleGVjX2dpZCIsICZtYXhfcm9v
dGV4ZWNfZ2lkLAorICAgICAgICAgc2l6ZW9mKGludCksIDA2NDQsIE5VTEwsICZwcm9jX2Rv
aW50dmVjfSwKIAl7MH0KIH07CiAKLS0tIGxpbnV4L2luY2x1ZGUvbGludXgvc3lzY3RsLmgu
cHJlc2VjCVdlZCBGZWIgMTEgMDA6Mzc6NDUgMTk5OAorKysgbGludXgvaW5jbHVkZS9saW51
eC9zeXNjdGwuaAlXZWQgRmViIDExIDAwOjM5OjA5IDE5OTgKQEAgLTMwOCw4ICszMDgsMTIg
QEAKIH07CiAKIC8qIENUTF9QUk9DIG5hbWVzOiAqLwotCisgICAgICAgIAogLyogQ1RMX0ZT
IG5hbWVzOiAqLworZW51bSB7CisgICAgICAgIEZTX01BWF9ST09URVhFQ19VSUQgPSAxLAor
ICAgICAgICBGU19NQVhfUk9PVEVYRUNfR0lELAorfTsKIAogLyogQ1RMX0RFQlVHIG5hbWVz
OiAqLwogCg==

--==_Exmh_15000178470
Content-Type: text/plain; charset=us-ascii

---- ---- ----
David Woodhouse, Robinson College, CB3 9AN, England. (+44) 0976 658355
Dave@imladris.demon.co.uk http://dwmw2.robinson.cam.ac.uk
finger pgp@dwmw2.robinson.cam.ac.uk for PGP key.

--==_Exmh_15000178470--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu