* Russell Coker said:
> >> problem but... maybe someone can write a Linux kernel module (I saw one,
> >> written by lcamtuf@ids.pl, but compilation wasn't successful) that will
> >A module?! :)))) What for?! Just write your own WRAPPER around the open
> >syscall and use that instead of the libc's one :))))))). You can do it using
> >the LD_PRELOAD mechanism.
> >
>
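> #include <dlfcn.h>
> #include <fcntl.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> int (*real_open)(const char *, int) = NULL;
> int main()
> {
>     void *libc6 = NULL;
>     /* resolve open() from libc itself rather than from a preloaded wrapper */
>     libc6 = dlopen("libc.so.6", RTLD_LAZY | RTLD_GLOBAL);
>     if(!libc6)
>     {
>         printf("Aieee\n");
>         exit(1);
>     }
>     real_open = (int (*)(const char *, int))dlsym(libc6, "open");
>
>     int fd = real_open("/etc/passwd", O_RDONLY);
>     read(fd...
> }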
You can prevent that easily. Just deny read access on libc.so.6, leaving the
executable bit set.
> Of course you could pre-load a library that replaces the dlopen call, but
> your system probably won't work in such a fashion.
It would. You could add CAP ability to the dl* family of functions to test
for the credentials of the user that invokes the library. Much easier and
cleaner IMO.
> Mounting /home, /tmp, and /var/tmp in a noexec fashion is probably a better
> idea.
I agree. That's what I do with users I don't really trust. noexec, nosuid,
nodev. Pity that /tmp has to be executable, but the OpenWall patch makes it
possible to secure it anyway, besides mode 03777 makes it quite secure.
> >How does it do :))? open() just OPENS a file, read() reads the BYTES, not
> >LINES - and to test for authorized access you need to interpret LINES or
> >interpret every read byte - completely useless solution IMO.
>
> I agree. That sort of stuff doesn't belong in the kernel.
Precisely.
marek