Design bugs


From: Stanislav Ievlev <inger@altlinux.ru>
Subject: Design bugs
Date: Fri, 08 Jun 2001 16:43:45 +0400

Next Article (by Author): RSBAC BIG AUDIT Stanislav Ievlev
Previous Article (by Author): Re: Pre-Fix for rename hole Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


This is a multi-part message in MIME format.
--------------030805090403060004020302
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello!

I've just beginning a BIG AUDIT of RSBAC code. Full report will be later.
First results:

1. In open_namei() we have not separate checking for R_CREATE (It's will 
be usefull for sys_creat() )
2. We have not any protection in sys_utime()
3. We have not protection in sys_kill()  / we need it for protection of 
rklogd /
4. We have not protection in sys_brk () / protection against memory 
flooding /
5. We have not protection for ioctl operations
6(!). sys_statfs, sys_fstatfs has RSBAC checkings, but sys_ustat() 
haven't. Solution to move RSBAC code from this functions into 
vfs_statfs() function
7. sys_sigsuspend() - problem like sys_kill()
8. We have not any protection in  sys_setgroups16() - so we have 
uncontrolled root's actions.
9. We have not any protection in sys_uselib() - It's very old syscall, 
but we can check for R_EXECUTE.
10. We have protection for old_mmap(), but haven't procection for 
reverse operation sys_munmap()
11. sys_setpriority() - problem like sys_kill()

File with table  attached.
----------------------------
With best regards
Stanislav Ievlev
<inger@linux.ru.net>

--------------030805090403060004020302
Content-Type: application/octet-stream;
 name="RSBAC-CALLS.html.bz2"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="RSBAC-CALLS.html.bz2"

QlpoOTFBWSZTWQQKEtkACMzfgAAQc2///7/v3+q/7//wYAj+t9973jpevlvlm0qoM33PXoC9
gDbHw0KTGpoepoTxDRMnpMmmAARkaMI2gjBohPJkVPUAGgANA0AAAADIA1TwI1UaMQ9QaGjE
ANAaaA0NBpo00BJqRFGjRDNTTQxGnoJkwhoADQAACKSNGpkaKfqanqaNPSeoA0AaAHqDT1A0
0yBEoQAgCZASmQND1HpABtQANPUGnAAqh1ZKJIUGEUUiFQaj3+zk3c8pi1sycBLimmRMhiDx
err/1tuBOUhGQZltDQOV9xoFE1AZYExCGCK0nfkDAMwIxpjiwECAAFiPYq627o5c7l67oa1D
Ln8TyoH5kysTR9/Hn7vhKfKxSk89wiAF3t9Pjv1hJyuRA2B1EwypgWCDzamfW5zTdHh3ObPr
kDohvoSg921K9cqic6lnAdrjIUQA3oFBQS75WCqI9lepP3opML9dstxkIRYAFwMAKW5LYkTV
urddrVlAhCTRSbzateQECAAGQwINJEk06Up+21ymBDMrhVwq1rba92kCAU0WjUdFekIgDAYY
AjaDKru72MRWmSrJGZ3dgRnAxcMnZVVpu6MCCShJLGabXSTN8cm9aHQZek5BCjMuTQariNGz
cvuV0N22qYiAelPhgYjpiQUOEXilIGd5YWEYQ1yY1OIv0e1mrhlMyAZYFhmSGAIGRNcgEVXD
t9SxXxDKbCwRrGEXTAWGKGqhztkMzTJlYbjzOnkKLMxTwp0h8xuMSFTfvrTgT5WuDMlo9I4Y
Ubzam3wPh/coNa/tgtI3CztuRpLv0pxJy5+5wZ9/gu23eHG0z4B2hyiDcpQskEIsgpEoVzib
ROAhtDkaOriaznANXaJzkRwqE7M5B5ESGax1UdNWrTSwMioQddXqvJagwQfTiWhin1ZZJSUy
U2ExGWqmYYVrjTClIWKN88Pe0FVWKoxAQkkFFSD0ECgobujg4SBEAMJbAFB2Igx7fFXLtzmq
DWBbXZZXYKDfx1dZEUIFVXJAQkFRPwxQLyECDCAiF5JCYSEYgkihBSQWAqwVQWAKCiQ5TFOP
p75Js7IGxmJ+h4iS82jDG0dWPEhMqHi2LlEshudV6WERfE0CUJasK7EA1/xqYBoe1x9c+tQi
G+YTa1SGynxeTYmIFcH7rtSdbRaNi2JnZFgQEgEzoOMlyDBOgygy8vKIXLApnyqzbUJoNbgO
auop1bC36HXn0yD5C3gfEyS/lReMNbiRc1hK4Zq0KWNrzVB+YfALpEMF0Lo04mZ2A6/7tdg4
nXAN5khwA7lnkRedrkCgQDaU65gYMaRmFF3yhiryQaYEdceSE5pSNprXw4b0ypSzuXk1H1TV
KKHRO7I9RcRqY42aVKFa0sl9g8LVYPFN7AYBFSKQgkZMKAwaKUhgn3N2B3N6dB+bxb9E1pem
I8bnRQ9FvP/e/ZW4D1SUdwLGAJFxPhVCqEKnMhCB2rItkIkgJRKCWPqW48nCUG0MFUJ4GYcf
vtJgkcEpXEwtJNAVW6YMp0EsyBYZzIF0LT3EKChkLScGo817vD07avuXGBTcjw1LdZuScuk4
c83DOFoJEBKJulQJc6MQxRyjAFCeCVsR9wwCQE4GTdgaUOHWE+8V2bygXEM8GkxvRycH5yod
ZpqDdA00qY2ClcAFBtBQZBVVvC9qWu/tz7d60R61FAH5TmjQC5gSBqkNL5SsABneKGgYjOmy
ygIru2+wRADPD15kGhfYin/SFMm6sxO7ZpyxXARhjLzu3DLbQ1Bo1SlWmkQYK89FJJllDoFP
GiZ9A6h6eXsIgBxEQAquBAyHgJUL30fMqG6AX9JNqUvrKlKczXW4qYUoupYuoYmglx1KZmXI
9zJKkm1CpQbw83y6BvWzsZ+p52Xn9N9+AHCAU7nAzXP5eenqUNDHjdQ5VEQA2Otp1bNK1kcT
uGW+VOU0KefK1bUpWtBKEqQreXL7GhdKfaydXDLXnSldDYikNZ68DtCrvwJMMA0MzMnLiWLz
IkgbqB5mVHMMIe8qXOwaZmuZYzCTRY33hlqGkjQlbdGOllodA5Zj6bZxeElIWsLU7BeaJyEQ
AtbIYEKCIAUj0Jb5+kkjDz7fQeSh38TErj2Jn6G57Zcufmwqm/ibC+6bErOIIgB+WrxxN0M0
0NXLJYQzxPQ4dGBBcwbhhYfo8O3pKcxoUvp7aBT3PH1OBbI3rO1A01xnMh2qY1eiN5anfFdF
vBQfACFm8OxKkMnkVMtD3aOcxvMc6mFvLxDPtC4Hi8DLP6s1144mhhzm1Q6KhIySCkgSCMYy
ISDpAcuWdp4PErndUKRG+DlwEQA3u63IbGW4thrau7alIluNE6gkgqyCZQaRSlBJuuDIFADW
Q3a0nYb9S1Va2Npar1RU1UhAAto1Y2d+5DcoVVahVVoUFgpDIHIUyMbZjIc0YY5ujXJDCM0l
MyYnimONTCBuFB3Cg99rDnr1I1HSORr2ytqST7MecJeND2Og/guaGZfzw5w4brzXuJ0vMDMa
db0z0hwJsYtffRFXYRAAP/i7kinChIAgUJbI
--------------030805090403060004020302--

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): RSBAC BIG AUDIT Stanislav Ievlev
Previous Article (by Author): Re: Pre-Fix for rename hole Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.