The OpenNET Project


Race conditions - patch.


X-RDate: Mon, 23 Feb 1998 10:23:31 +0500 (ESK)
Date: Sun, 22 Feb 1998 14:13:02 +0100
From: Michał Zalewski <[email protected]>
To: [email protected]
Subject: Race conditions - patch.

Here's my kernel patch. This one should finally (?) stop typical
race conditions, including pipe attacks and regular file races.
This solution is radical (disallows writing to not-your pipes and
files in +t directories), but works fine. Even if any program
fails, it may be easily patched to store its files in e.g. /tmp
subdir. It's much easier to change one path than to fix a lot
of vulnerable utilities.

-- race_patch-2.0.patch --
'Race conditions patch' by Michal Zalewski <[email protected]>
and Krzysztof G. Baranowski <[email protected]>

--- linux-2.0.33/fs/namei.c.orig Sun Aug 17 01:23:19 1997
+++ linux-2.0.33/fs/namei.c  Sat Feb 21 16:00:20 1998
@@ -19,6 +19,7 @@
#include <linux/fcntl.h>
#include <linux/stat.h>
#include <linux/mm.h>
+#include <linux/config.h>

#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])

@@ -405,6 +406,13 @@
   iput(inode);
   return error;
  }
+ #ifdef CONFIG_RACE_FIX
+ if ((S_ISREG(inode->i_mode) || S_ISFIFO(inode->i_mode)) && (dir->i_mode
+ & S_ISVTX) && current->fsuid!=inode->i_uid && current->fsuid && (flag & 2)) {
+   iput(inode);
+   return -EPERM;
+ }
+ #endif /* CONFIG_RACE_FIX */
  if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
   /*
    * 2-Feb-1995 Bruce Perens <[email protected]>
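Review bot: the new condition inside `#ifdef CONFIG_RACE_FIX` tests only `dir->i_mode & S_ISVTX` and `current->fsuid!=inode->i_uid`, so it never consults `dir->i_uid` or the directory's write bits: the owner of a sticky directory is refused write access to other users' files inside it, and a +t directory that is not world-writable is handled the same as one that is. If that is intended, state it in a comment; otherwise add a `current->fsuid != dir->i_uid` term. The bare `(flag & 2)` and the bare `current->fsuid` term (the uid 0 exemption) each deserve a one-line comment, and the expression would read better broken after an `&&` than in the middle of `dir->i_mode & S_ISVTX`.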
--- linux-2.0.33/fs/Config.in.orig Sat Feb 21 14:37:18 1998
+++ linux-2.0.33/fs/Config.in  Sat Feb 21 14:36:56 1998
@@ -4,6 +4,9 @@
mainmenu_option next_comment
comment 'Filesystems'

+if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
+  bool 'Race conditions patch (EXPERIMENTAL)' CONFIG_RACE_FIX
+fi
bool  'Quota support' CONFIG_QUOTA
tristate 'Minix fs support' CONFIG_MINIX_FS
tristate 'Extended fs support' CONFIG_EXT_FS
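Review bot: the prompt string 'Race conditions patch (EXPERIMENTAL)' names the patch rather than the behaviour it switches on, so someone configuring a kernel cannot tell from the menu what CONFIG_RACE_FIX restricts. A prompt such as 'Restrict writes to other users' files in +t directories (EXPERIMENTAL)' would match what the help text describes, and the symbol name could follow the same idea.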
--- linux-2.0.33/Documentation/Configure.help.orig Sat Sep  6 05:43:58 1997
+++ linux-2.0.33/Documentation/Configure.help  Sat Feb 21 15:22:43 1998
@@ -2930,6 +2930,18 @@
   will skip detection and configuration after all.
   N.B. options are case sensitive.
   Read Documentation/cdrom/isp16 for details.
+
+Race conditions patch
+CONFIG_RACE_FIX
+  'Race condition fix' disallows ordinary users to write files/pipes
+  not owned by them in +t directories, overriding file access mode.
+  This feature prevents 'race conditions'. This patch is experimental.
+  If you're afraid about your security, say Y. Otherwise, if one
+  of more of your programs stops working with this patch, say N,
+  and report your problem to us.
+  Newest version can be obtained from authors, Michal Zalewski
+  <[email protected]> and Krzysztof G. Baranowski
+  <[email protected]>.

Quota support
CONFIG_QUOTA
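Review bot: the help entry leaves out two things an administrator needs when a program breaks: that the refused open fails with EPERM, and that uid 0 is exempt (the `current->fsuid` term in the fs/namei.c hunk), where the text says only 'ordinary users'. Also 'one of more' should read 'one or more', and 'If you're afraid about your security' would be clearer as a statement of which systems should enable the option.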
-- eof --

_______________________________________________________________________
Michał Zalewski [tel 9690] | finger 4 PGP [[email protected]]
To iterate is human, to recurse - divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
