Re: Linux 2.2.3ac1 [capabilities and /proc]

Andrew Morgan (morgan@transmeta.com)
Wed, 10 Mar 1999 22:26:04 -0800


This is a multi-part message in MIME format.
--------------115528CBC47C6C1CCCE29DEE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Alan Cox wrote:
> o i386 security hole fix for ptrace. Its in the other architectures
> too. It only bites if you use capabilities. The bigger hole in
> /proc is fixed in 2.2.3

As a general rule in the capability based system the superuser should
not have special [read] access to sensitive things simply because of its
[e]uid being 0. The /proc/ filesystem makes this hard to enforce because
files like /proc/kcore are readable by uid=0.

Here is a patch to make it possible for the admin to mount /proc/ (plus
all of its sub directories and special files) with uid.gid other than
0.0. It simply propagates the already supported uid= and gid= mount
options for the top level /proc directory to the non-process-specific
files within the proc filesystem.

Cheers

Andrew
--------------115528CBC47C6C1CCCE29DEE
Content-Type: text/plain; charset=us-ascii; name="uid-proc.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="uid-proc.patch"

diff -urN linux-2.2.1/fs/proc/inode.c linux-caps/fs/proc/inode.c
--- linux-2.2.1/fs/proc/inode.c Fri May 8 18:10:30 1998
+++ linux-caps/fs/proc/inode.c Sun Jan 31 00:02:05 1999
@@ -267,10 +267,19 @@

inode->u.generic_ip = (void *) de;
if (de) {
- if (de->mode) {
+ if (de->mode) { /* why conditional on non-zero mode? */
+ struct inode *sbi;
+
inode->i_mode = de->mode;
- inode->i_uid = de->uid;
- inode->i_gid = de->gid;
+
+ if ((ino != PROC_ROOT_INO)
+ && (sbi = sb->s_root->d_inode)) {
+ inode->i_uid = sbi->i_uid;
+ inode->i_gid = sbi->i_gid;
+ } else {
+ inode->i_uid = de->uid;
+ inode->i_gid = de->gid;
+ }
}
if (de->size)
inode->i_size = de->size;

--------------115528CBC47C6C1CCCE29DEE--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/