Race conditions - alternate patch

From: Michał Zalewski (lcamtufat_private)
Date: Sun Feb 22 1998 - 06:16:50 PST


    Oh, I forgot one important thing. My kernel patch DOES NOT prevent
    root from doing stupid and irresponsible things. If root WANTS to
    write to any pipe/file - he can do that. But if you don't trust yourself,
    or you're doing everything (compiling, sending mails, ircing...) at
    UID=0 (huh) - you may modify the patch to protect you against yourself
    and your stupidity ;) Here's an alternate version of the patch:
    
    -- race_patch-2.0-supersafe.patch --
    'Super-safe race patch' by Michal Zalewski <lcamtufat_private>
    and Krzysztof G. Baranowski <kgbat_private>
    
    --- linux-2.0.33/fs/namei.c.orig Sun Aug 17 01:23:19 1997
    +++ linux-2.0.33/fs/namei.c  Sat Feb 21 16:00:20 1998
    @@ -19,6 +19,7 @@
    #include <linux/fcntl.h>
    #include <linux/stat.h>
    #include <linux/mm.h>
    +#include <linux/config.h>
    #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
    @@ -405,6 +406,13 @@
       iput(inode);
       return error;
      }
    + #ifdef CONFIG_RACE_FIX
    + if ((S_ISREG(inode->i_mode) || S_ISFIFO(inode->i_mode)) && (dir->i_mode
    + & S_ISVTX) && current->fsuid!=inode->i_uid && (flag & 2)) {
    +   iput(inode);
    +   return -EPERM;
    + }
    + #endif /* CONFIG_RACE_FIX */
      if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
       /*
        * 2-Feb-1995 Bruce Perens <Bruceat_private>
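
Review bot: The write test `(flag & 2)` in the added condition is a bare magic number, and nothing in the hunk says which open-mode bit it stands for; add a short comment or a named constant so a reader can confirm it means "opened for writing". The condition also carries no exemption for any uid, so it returns -EPERM for root as well as for ordinary users whenever `current->fsuid` differs from `inode->i_uid`; that is the stated purpose of this variant, but it overrides the file's own mode bits and deserves a comment above the `#ifdef`. As posted, the expression is broken in the middle of `(dir->i_mode & S_ISVTX)`; breaking the line at an `&&` would make the four conditions easier to audit.
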
    --- linux-2.0.33/fs/Config.in.orig Sat Feb 21 14:37:18 1998
    +++ linux-2.0.33/fs/Config.in  Sat Feb 21 14:36:56 1998
    @@ -4,6 +4,9 @@
    mainmenu_option next_comment
    comment 'Filesystems'
    +if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
    +  bool 'Super-safe race conditions patch (EXPERIMENTAL)' CONFIG_RACE_FIX
    +fi
    bool  'Quota support' CONFIG_QUOTA
    tristate 'Minix fs support' CONFIG_MINIX_FS
    tristate 'Extended fs support' CONFIG_EXT_FS
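
Review bot: The prompt and symbol in the added `bool` line name the patch rather than the behaviour: 'Super-safe race conditions patch' and CONFIG_RACE_FIX do not tell someone configuring a kernel that the option refuses writes to files and FIFOs owned by another user in sticky directories. Suggest a prompt that states the restriction and a correspondingly specific symbol name, with the Configure.help entry title changed to match.
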
    --- linux-2.0.33/Documentation/Configure.help.orig Sat Sep  6 05:43:58 1997
    +++ linux-2.0.33/Documentation/Configure.help  Sat Feb 21 15:22:43 1998
    @@ -2930,6 +2930,18 @@
       will skip detection and configuration after all.
       N.B. options are case sensitive.
       Read Documentation/cdrom/isp16 for details.
    +
    +Super-safe race conditions patch
    +CONFIG_RACE_FIX
    +  'Super-safe race condition fix' disallows users to write files/pipes
    +  not owned by them in +t directories, overriding file access mode.
    +  This feature prevents 'race conditions'. This patch is experimental.
    +  If you're afraid about your security, say Y. Otherwise, if one
    +  of more of your programs stops working with this patch, say N,
    +  and report your problem to us.
    +  Newest version can be obtained from authors, Michal Zalewski
    +  <lcamtufat_private> and Krzysztof G. Baranowski
    +  <kgbat_private>.
    Quota support
    CONFIG_QUOTA
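
Review bot: The help text added for CONFIG_RACE_FIX says the option stops "users" from writing files/pipes they do not own in +t directories, but the check added to fs/namei.c compares only fsuid with the file owner and has no exception, so it applies to root as well; state that explicitly, since it is what distinguishes this variant. The sentence "This feature prevents 'race conditions'" is also too broad for a check that covers only regular files and FIFOs in sticky directories, and "one of more" should read "one or more".
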
    -- eof --
    
    _______________________________________________________________________
    Michał Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private]
    To iterate is human, to recurse divine [P. Deutsch]
    =--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
    


