From: Stanislav Ievlev <inger@altlinux.ru>
Subject: RSBAC BIG AUDIT
Date: Sat, 09 Jun 2001 19:56:30 +0400
Hello!

I'm sending the full table "RSBAC and syscalls" with notes now. I think we must closely check syscalls to avoid bugs like sys_rename().

Summary for the second part:

1. sys_mprotect - T_NONE exists in the code before rsbac_adf_*, but is not used in rsbac_adf_request
2. sys_get_kernel_syms - unprotected (T_SCD)
3. sys_quotactl - unprotected
4. sys_bdflush - unprotected
5. sys_personality - unprotected (T_SCD)
6. sys_flock - unprotected
7. sys_sysctl - !!! unprotected !!!
8. sys_sched_getparam (and others) - unprotected (like sys_kill)
9. sys_mremap - unprotected (can be protected via do_unmap)
10. sys_nfsservctl - unprotected
11. sys_prctl - unprotected
12. sys_setgroups - uncontrolled root actions (he can set the groups himself)
13. sys_setfsuid (and setfsgid) - why do we use T_NONE instead of T_PROCESS?
14. sys_pivot_root() - we must have protection like for sys_chroot()

General idea - we must protect all syscalls that check capabilities.

Table in the attachment.
With best regards
Stanislav Ievlev <inger@linux.ru.net>

[Attachment: RSBAC-CALLS.html.bz2, application/octet-stream, base64-encoded]
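The mail's closing rule, "protect all syscalls that check capabilities", is easy to turn into a mechanical first pass over the kernel tree. The script below is an added example, not part of the RSBAC project and not the table the author attached: it finds each `sys_*` definition in C source, records which `capable(CAP_*)` checks and which `rsbac_adf_request()` hooks the body contains, and reports syscalls that check a capability but never reach the ADF (items 2 through 11 in the summary) as well as syscalls whose only hook passes `T_NONE` (the `sys_setfsuid` question in item 13). The embedded source is a constructed stand-in, not real Linux or RSBAC code, and the hook argument order it assumes (request, pid, target type, ...) is an assumption; the scanner is textual and does not understand strings, comments or macros, so its output is a worklist to review by hand, not a verdict.

```python
"""Static audit helper: flag sys_* functions that call capable() but never
reach the RSBAC ADF.  Added example, not RSBAC project code; the sample
source and the rsbac_adf_request() argument layout are constructed."""
import re

# "asmlinkage <return type> sys_<name>(" -- 2.4-era syscall definitions
SYSCALL_RE = re.compile(r"asmlinkage\s+[\w\s\*]+?\bsys_(\w+)\s*\(")
# capability checks inside the body
CAP_RE = re.compile(r"\bcapable\s*\(\s*(CAP_\w+)\s*\)")
# ADF hook: capture the request and the first T_* target type after it
# (assumed layout: rsbac_adf_request(R_x, pid, T_x, ...))
HOOK_RE = re.compile(r"\brsbac_adf_request\s*\(\s*(R_\w+)\s*,[^;]*?\b(T_\w+)\b")


def _body(src, start):
    """Return the brace-delimited body that starts at the first '{' at or
    after `start`, or '' when a ';' comes first (a prototype, not a
    definition).  Braces inside strings or comments are not handled."""
    open_idx = src.find("{", start)
    semi = src.find(";", start)
    if open_idx == -1 or (semi != -1 and semi < open_idx):
        return ""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx:i + 1]
    return ""


def parse_syscalls(src):
    """Map each sys_* definition to the capabilities it checks and the
    (request, target) pairs it hands to rsbac_adf_request()."""
    table = {}
    for m in SYSCALL_RE.finditer(src):
        body = _body(src, m.end())
        if not body:
            continue
        table["sys_" + m.group(1)] = {
            "caps": sorted(set(CAP_RE.findall(body))),
            "hooks": sorted(set(HOOK_RE.findall(body))),
        }
    return table


def audit(src):
    """Return syscalls that check a capability without any ADF hook, and
    syscalls whose hooks all use T_NONE (no real target to decide on)."""
    findings = {"unprotected": [], "t_none_only": []}
    for name, info in parse_syscalls(src).items():
        if info["caps"] and not info["hooks"]:
            findings["unprotected"].append(name)
        elif info["hooks"] and all(t == "T_NONE" for _, t in info["hooks"]):
            findings["t_none_only"].append(name)
    return findings


# Constructed sample input: stand-ins for kernel functions, not real source.
SAMPLE = """\
/* constructed stand-ins, not the real Linux or RSBAC source */
asmlinkage long sys_quotactl(int cmd, const char *special, int id, caddr_t addr);

asmlinkage long sys_sysctl(struct __sysctl_args *args)
{
    struct __sysctl_args tmp;
    if (!capable(CAP_SYS_ADMIN)) {
        return -EPERM;
    }
    if (copy_from_user(&tmp, args, sizeof(tmp))) {
        return -EFAULT;
    }
    return do_sysctl(tmp.name, tmp.nlen);
}

asmlinkage long sys_chroot(const char *filename)
{
    if (!capable(CAP_SYS_CHROOT))
        return -EPERM;
    if (!rsbac_adf_request(R_CHANGE_ROOT, current->pid, T_DIR,
                           rsbac_target_id, A_none, rsbac_attribute_value))
        return -EPERM;
    return 0;
}

asmlinkage long sys_setfsuid(uid_t uid)
{
    if (!capable(CAP_SETUID) && uid != current->uid)
        return -EPERM;
    if (!rsbac_adf_request(R_CHANGE_OWNER, current->pid, T_NONE,
                           rsbac_target_id, A_owner, rsbac_attribute_value))
        return -EPERM;
    current->fsuid = uid;
    return 0;
}

asmlinkage long sys_getpid(void)
{
    return current->pid;
}
"""

if __name__ == "__main__":
    for kind, names in audit(SAMPLE).items():
        print(kind + ":", ", ".join(names) or "-")
```

On the sample, `sys_sysctl` is reported as unprotected (capability check, no hook), `sys_setfsuid` as T_NONE-only, `sys_chroot` as fully hooked, and the `sys_quotactl` prototype and the hook-free, capability-free `sys_getpid` are skipped. Run it over the real tree by reading the files under kernel/, fs/ and mm/ into `src`; anything it flags still needs the same manual look the mail gives each entry, since a syscall can delegate both the capability check and the hook to a helper such as `do_unmap`.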