Bugtraq mailing list archives

Re: kern_exec.c


From: jhawk () panix com (John Hawkinson)
Date: Thu, 29 Sep 1994 23:23:16 -0400 (EDT)


To: bugtraq () crimelab com
From: an134699 () anon penet fi
X-Anonymously-To: bugtraq () crimelab com

Well, everyone's been wanting a copy of SunOS's kern_exec.c code so that
they could do neat things with turning off SUID scripts, here it is.

The only thing I ask is that someone make the required changes to do this
(preferably in a way so that they are settable in adb) and post those
changes.

Wow, neat-oh. I didn't quite expect _this_ to happen. Anyway,
there are 2 issues:

        1) The source, as posted, has a small formatting problem
        with some >'s at the beginning of lines. This patch
        fixes this:

-------------cut
*** ke.c.anon   Thu Sep 29 23:04:51 1994
--- ke.c.jhawk1 Thu Sep 29 23:03:38 1994
***************
*** 131,137 ****
        while ((ta = a) != NULL) {
                a = ta->a_next;
                if (as_unmap(&kas, (addr_t)ta, sizeof (*ta)) != A_SUCCESS)
! >                     panic("args_free as_unmap");
        }
  }
  
--- 131,137 ----
        while ((ta = a) != NULL) {
                a = ta->a_next;
                if (as_unmap(&kas, (addr_t)ta, sizeof (*ta)) != A_SUCCESS)
!                       panic("args_free as_unmap");
        }
  }
  
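Review bot: this hunk and the two that follow repair exactly three leaked `>` quote markers (lines 134, 496 and 594 of the anonymous posting). Before applying, it is worth confirming there are no others, e.g. with `grep -n '^>' ke.c.anon`, since a fourth stray marker anywhere else would still break the build and this patch would not catch it.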
***************
*** 493,499 ****
        while (u.u_lastfile >= 0 && u.u_ofile[u.u_lastfile] == NULL)
                u.u_lastfile--;
        setregs(u.u_exdata.ux_entloc);
! > 
        /*
         * Remember file name for accounting.
         */
--- 493,499 ----
        while (u.u_lastfile >= 0 && u.u_ofile[u.u_lastfile] == NULL)
                u.u_lastfile--;
        setregs(u.u_exdata.ux_entloc);
!  
        /*
         * Remember file name for accounting.
         */
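Review bot: the replacement for the stray `> ` at line 496 is `!  `, a whitespace-only line rather than an empty one, so the file keeps trailing blanks where the vendor source has a blank line. Harmless to the compiler, but a truly empty line would avoid a spurious difference against the original kern_exec.c later.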
***************
*** 591,597 ****
         * initialize the virtual memory of the new process.
         */
        relvm(p);
! >     p->p_flag &= ~(SPAGI|SSEQL|SUANOM);
        p->p_flag |= pagi;
  
        u.u_pcb.pcb_flags = AST_NONE;
--- 591,597 ----
         * initialize the virtual memory of the new process.
         */
        relvm(p);
!       p->p_flag &= ~(SPAGI|SSEQL|SUANOM);
        p->p_flag |= pagi;
  
        u.u_pcb.pcb_flags = AST_NONE;
-------------cut

        2) Here is a patch to disable setuid shellscripts, and to verbosely
        log pid and parentpid instead of just the uid and pn_buf. The former
        (disabling setuid scripts) can be turned on by compiling with

                -DJHAWK_NOSUIDSCRIPT

        and the latter (verbose pid/ppid logging) with

                -DJHAWK_VERBOSESUIDLOG

        I'm not sure how to go about doing this so it's toggleable with
        adb, but I'm sure I could figure it out if I took some more time,
        as could someone who has some more knowledge of this.

-------------cut
*** ke.c.jhawk1 Thu Sep 29 23:03:38 1994
--- ke.c.jhawk2 Thu Sep 29 23:08:48 1994
***************
*** 198,205 ****
--- 198,211 ----
        if (indir == 0) {
                if (vp->v_vfsp->vfs_flag & VFS_NOSUID) {
                        if ((vattr.va_mode & (VSUID | VSGID)) != 0) {
+ #ifdef JHAWK_VERBOSESUIDLOG
+                               log(LOG_WARNING,
+               "%s, uid %d, pid %d (%d): setuid execution not allowed\n",
+                   pn.pn_buf, uid, u.u_procp->p_pid, u.u_procp->p_ppid);
+ #else /* JHAWK_VERBOSESUIDLOG */
                                log(LOG_WARNING,
                "%s, uid %d: setuid execution not allowed\n", pn.pn_buf, uid);
+ #endif /* JHAWK_VERBOSESUIDLOG */
                        }
                } else {
                        if (vattr.va_mode & VSUID)
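Review bot: `pid %d (%d)` leaves the parenthesised ppid unlabelled in syslog, so a reader has to consult the source to know what the second number is; `pid %d ppid %d` would be self-describing. The continuation lines of the new format string are also indented differently from the existing `log()` call two lines below, and since the two calls differ only in the extra pid/ppid arguments, matching the existing layout would make the `#ifdef` branches easier to compare.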
***************
*** 280,285 ****
--- 286,308 ----
                        error = ENOEXEC;
                        goto bad;
                }
+ #ifdef JHAWK_NOSUIDSCRIPT
+               if ((vattr.va_mode & (VSUID | VSGID)) != 0) {
+ #ifdef JHAWK_VERBOSESUIDLOG
+ /* uap->fname seems to be the relative pathname as passed to execve();
+    it might be reasonable to log it, but we're not right now. */
+                 log(LOG_WARNING,
+                     "%s, uid %d, pid %d (%d): setuid scripts not allowed\n",
+                     pn.pn_buf, u.u_uid, u.u_procp->p_pid,
+                     u.u_procp->p_ppid);
+ #else /* JHAWK_VERBOSESUIDLOG */
+                 log(LOG_WARNING,
+                     "%s, uid %d: setuid scripts not allowed\n",
+                     pn.pn_buf, u.u_uid);
+ #endif /* JHAWK_VERBOSESUIDLOG */
+                 uid = u.u_uid; gid = u.u_gid;
+               }
+ #endif /* JHAWK_NOSUIDSCRIPT */
                cp = &u.u_exdata.ux_shell[2];
                while (*cp == ' ')
                        cp++;
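Review bot: with JHAWK_NOSUIDSCRIPT on, a setuid script on a nosuid filesystem is reported twice, once by the VFS_NOSUID branch in the previous hunk ("setuid execution not allowed") and again here ("setuid scripts not allowed"), because this block tests only the mode bits. Also, the message says "not allowed" but nothing is refused: after `uid = u.u_uid; gid = u.u_gid;` the script still runs, just with the caller's own credentials, so the comment should say that the script is demoted rather than rejected, or an operator will read the log line as a failed exec. Minor: two statements share one line at `uid = u.u_uid; gid = u.u_gid;`, and the note about `uap->fname` reads as a TODO and should be marked as one.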
-------------cut


        3) In order to install this, drop this kern_exec.c in
``/sys/os/kern_exec.c'', and then do a ``make depend'' in your 
kernel build directory, and then a ``make'', and you should have a new
kernel.

        4) I would appreciate it if the original anonymous poster
would post this somewhere public on Usenet, like alt.sources and
comp.security.unix, so that it could get some wider distribution. My
patches are freely distributable and freely modifiable if anyone would
care to do so.

        5) Please note that these modifications HAVE been tested, and
I have observed no adverse side-effects.

Oh, and remember, for those of you who forgot:

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help () anon penet fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin () anon penet fi.

Have a happy day!

--
John Hawkinson
jhawk () panix com
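An added example, not part of the posted patch or of the SunOS source: a userland C model of the credential decision that the two hunks of the second patch make, written to show what JHAWK_NOSUIDSCRIPT changes for a setuid script versus a setuid binary, including the double log line for a script on a nosuid filesystem. Everything in it is assumed for the model: the `exec_in`/`exec_out` structs and the `exec_creds`, `creds_uid` and `creds_nlog` functions are hypothetical names, `S_ISUID`/`S_ISGID` stand in for the kernel's VSUID/VSGID, and the non-nosuid branch is assumed to adopt the file owner's ids when the bits are set (that part of kern_exec.c is not shown in the patch).

```c
/* Userland model of the setuid handling in the patched kern_exec.c.
 * Constructed example: none of these names exist in the real kernel. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>   /* S_ISUID, S_ISGID stand in for VSUID, VSGID */

struct exec_in {
    unsigned mode;              /* file mode bits, e.g. 04755 */
    int owner_uid, owner_gid;   /* file owner (vattr.va_uid/va_gid) */
    int caller_uid, caller_gid; /* real ids of the process (u.u_uid/u.u_gid) */
    int is_script;              /* file starts with "#!" */
    int fs_nosuid;              /* mounted nosuid (VFS_NOSUID) */
};

struct exec_out {
    int uid, gid;               /* credentials the new image runs with */
    int nlog;                   /* number of warning lines that would be logged */
    char log[2][128];
};

/* nosuid_script mirrors compiling with -DJHAWK_NOSUIDSCRIPT. */
struct exec_out exec_creds(const struct exec_in *in, int nosuid_script)
{
    struct exec_out out;
    int setid = (in->mode & (S_ISUID | S_ISGID)) != 0;

    memset(&out, 0, sizeof out);
    out.uid = in->caller_uid;
    out.gid = in->caller_gid;

    /* Hunk at line 198: a nosuid filesystem logs and ignores the bits. */
    if (in->fs_nosuid) {
        if (setid)
            snprintf(out.log[out.nlog++], 128,
                     "uid %d: setuid execution not allowed", in->caller_uid);
    } else {
        /* Assumed: the unshown vendor code adopts the owner's ids here. */
        if (in->mode & S_ISUID) out.uid = in->owner_uid;
        if (in->mode & S_ISGID) out.gid = in->owner_gid;
    }

    /* Hunk at line 280: with the option on, a "#!" script with either bit
     * set is logged and demoted to the caller's ids; it is not refused.
     * Note this tests only the mode bits, so a setuid script on a nosuid
     * filesystem is logged by both branches. */
    if (nosuid_script && in->is_script && setid) {
        snprintf(out.log[out.nlog++], 128,
                 "uid %d: setuid scripts not allowed", in->caller_uid);
        out.uid = in->caller_uid;
        out.gid = in->caller_gid;
    }
    return out;
}

/* Convenience wrappers: "who does it run as?" and "how many log lines?" */
int creds_uid(unsigned mode, int owner, int caller, int is_script,
              int fs_nosuid, int nosuid_script)
{
    struct exec_in in = { mode, owner, owner, caller, caller, is_script, fs_nosuid };
    return exec_creds(&in, nosuid_script).uid;
}

int creds_nlog(unsigned mode, int owner, int caller, int is_script,
               int fs_nosuid, int nosuid_script)
{
    struct exec_in in = { mode, owner, owner, caller, caller, is_script, fs_nosuid };
    return exec_creds(&in, nosuid_script).nlog;
}

int main(void)
{
    /* Constructed cases: a root-owned 04755 file run by uid 1000. */
    printf("setuid binary, option on : runs as uid %d\n", creds_uid(04755, 0, 1000, 0, 0, 1));
    printf("setuid script, option off: runs as uid %d\n", creds_uid(04755, 0, 1000, 1, 0, 0));
    printf("setuid script, option on : runs as uid %d, %d log line(s)\n",
           creds_uid(04755, 0, 1000, 1, 0, 1), creds_nlog(04755, 0, 1000, 1, 0, 1));
    printf("setuid script on nosuid fs: runs as uid %d, %d log line(s)\n",
           creds_uid(04755, 0, 1000, 1, 1, 1), creds_nlog(04755, 0, 1000, 1, 1, 1));
    return 0;
}
```

The model keeps the patch's semantics deliberately: a setuid binary is untouched, a setuid script with the option off still gains the owner's ids (the pre-patch behaviour), and with the option on it runs as the caller and is merely logged, which is why the log wording "not allowed" should not be read as a refused exec.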