Oh, I forgot one important thing. My kernel patch DOES NOT prevent root from doing stupid and irresponsible things. If root WANTS to write any pipe/file - he can do that. But if you don't trust yourself, or you're doing everything (compiling, sending mails, ircing...) at UID=0 (huh) - you may modify the patch to protect you against yourself and your stupidity ;) Here's an alternate version of the patch:

-- race_patch-2.0-supersafe.patch -- 'Super-safe race patch' by Michal Zalewski <lcamtufat_private> and Krzysztof G. Baranowski <kgbat_private> --- linux-2.0.33/fs/namei.c.orig Sun Aug 17 01:23:19 1997 +++ linux-2.0.33/fs/namei.c Sat Feb 21 16:00:20 1998 @@ -19,6 +19,7 @@ #include <linux/fcntl.h> #include <linux/stat.h> #include <linux/mm.h> +#include <linux/config.h> #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) @@ -405,6 +406,13 @@ iput(inode); return error; } + #ifdef CONFIG_RACE_FIX + if ((S_ISREG(inode->i_mode) || S_ISFIFO(inode->i_mode)) && (dir->i_mode + & S_ISVTX) && current->fsuid!=inode->i_uid && (flag & 2)) { + iput(inode); + return -EPERM; + } + #endif /* CONFIG_RACE_FIX */ if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) { /* * 2-Feb-1995 Bruce Perens <Bruceat_private> --- linux-2.0.33/fs/Config.in.orig Sat Feb 21 14:37:18 1998 +++ linux-2.0.33/fs/Config.in Sat Feb 21 14:36:56 1998 @@ -4,6 +4,9 @@ mainmenu_option next_comment comment 'Filesystems' +if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then + bool 'Super-safe race conditions patch (EXPERIMENTAL)' CONFIG_RACE_FIX +fi bool 'Quota support' CONFIG_QUOTA tristate 'Minix fs support' CONFIG_MINIX_FS tristate 'Extended fs support' CONFIG_EXT_FS --- linux-2.0.33/Documentation/Configure.help.orig Sat Sep 6 05:43:58 1997 +++ linux-2.0.33/Documentation/Configure.help Sat Feb 21 15:22:43 1998 
@@ -2930,6 +2930,18 @@ will skip detection and configuration after all. N.B. options are case sensitive. Read Documentation/cdrom/isp16 for details. + +Super-safe race conditions patch +CONFIG_RACE_FIX + 'Super-safe race condition fix' disallows users to write files/pipes + not owned by them in +t directories, overriding file access mode. + This feature prevents 'race conditions'. This patch is experimental. + If you're afraid about your security, say Y. Otherwise, if one + of more of your programs stops working with this patch, say N, + and report your problem to us. + Newest version can be obtained from authors, Michal Zalewski + <lcamtufat_private> and Krzysztof G. Baranowski + <kgbat_private>. Quota support CONFIG_QUOTA -- eof --

_______________________________________________________________________
Michał Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private]
To iterate is human, to recurse divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
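
Review bot: In the fs/namei.c hunk at @@ -405,6 +406,13 @@, the new condition tests `(flag & 2)` as a bare number and the block has no comment, so the code itself does not say that it is meant to refuse write opens (going by the Configure.help text) of regular files and FIFOs in sticky directories when `current->fsuid!=inode->i_uid`. Please add a short comment above the `if` stating the rule, and say there that the comparison has no exemption for fsuid 0, since restricting root as well is the stated purpose of this variant and differs from normal permission semantics. The comment should also note that the test keys only on `dir->i_mode & S_ISVTX` and ignores the file's own mode bits, so a file that is group- or world-writable in a +t directory becomes writable by its owner only; that is the most likely source of the breakage the help text asks users to report.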
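
Review bot: In the fs/Config.in hunk, the prompt string 'Super-safe race conditions patch (EXPERIMENTAL)' names the patch rather than the behaviour being switched on, so someone running the configuration script cannot tell what CONFIG_RACE_FIX changes without opening the help. A prompt that states the effect, for example that writes to files and pipes not owned by the user are denied in +t directories, would match the neighbouring entries such as 'Quota support' better. The symbol name CONFIG_RACE_FIX is similarly broad for a check that covers one specific case.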
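
Review bot: In the Documentation/Configure.help hunk, the sentence "This feature prevents 'race conditions'" overstates what the fs/namei.c check does, which is limited to write opens of regular files and FIFOs in +t directories by a non-owner. The help should describe that scope, and should say that the restriction applies to every user including root, because the check compares `current->fsuid` with `inode->i_uid` without any exception. There is also a typo in the added text: "if one of more of your programs" should read "one or more".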