* Russell Coker said: > >> problem but... may be can someone write linux kernel module (i saw one, > >> writed by lcamtuf@ids.pl but compilation wasn't sucessfull ) that will > >A module?! :)))) What for?! Just write your own WRAPPER around the open > >syscall and use that instead of the libc's one :))))))). You can do it using > >the LD_PRELOAD mechanism. > > > > int (*real_open)(const char *, int) = NULL; > int main() > { > void *libc6 = NULL; > libc6 = dlopen("libc.so.6", RTLD_LAZY | RTLD_GLOBAL); > if(!libc6) > { > printf("Aieee\n"); > exit(1); > } > real_open = (int (*)(const char *, int))dlsym(libc6, "open"); > > int fd = real_open("/etc/passwd", O_RDONLY); > read(fd... > } You can prevent that easily. Just deny read access on libc.so.6, leaving the executable bit set. > Of course you could pre-load a library that replaces the dlopen call, but > your system probably won't work in such a fashion. It would. You could add CAP ability to the dl* family of functions to test for the credentials of the user that invokes the library. Much easier and cleaner IMO. > Mounting /home, /tmp, and /var/tmp in a noexec fashion is probably a better > idea. I agree. That's what I do with users I don't really trust. noexec, nosuid, nodev. Pity that /tmp has to be executable, but the OpenWall patch makes it possible to secure it anyway, besides mode 03777 makes it quite secure. > >How does it do :))? open() just OPENS a file, read() reads the BYTES, not > >LINES - and to test for authorized access you need to interpret LINES or > >interpret every read byte - completely useless, solution IMO. > > I agree. That sort of stuff doesn't belong in the kernel. Precisely. marek
Attachment:
pgp4B85M1OQIF.pgp
Description: PGP signature