[patch] /proc fix and experimental security patch

Vadim E. Kogan (vadim@vadim.gem.net)
Sun, 14 Jun 1998 23:02:48 -0700

This is a multi-part message in MIME format.
--------------59F129F05165F1C84E7D8DED
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Both patches are againt 2.1.105, but should fit .106. Also with minor
changes shoult go into 2.0...

First patch fixes permissions for /proc files for processes, that did
setuid/etc.

Second patch puts some security in /proc and ext2fs. THIS ONE IS
EXPERIMENTAL. I can't say I really like the way I did it, so comments
are very welcome. Also, some drivers set permissions for /proc entries
somewhere else (mtrr, parport, etc). If any1 will ever use that thing
(after it's checked by smart people and improved), I can make patch for
those "outside" drivers.

Vadim
--------------59F129F05165F1C84E7D8DED
Content-Type: text/plain; charset=us-ascii; name="proc-fix-2.1.105.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="proc-fix-2.1.105.diff"

--- linux/fs/proc/base.c~ Sun Jun 14 22:53:57 1998
+++ linux/fs/proc/base.c Sun Jun 14 22:54:18 1998
@@ -58,14 +58,11 @@
{
struct task_struct *p;
int pid = inode->i_ino >> 16;
- int ino = inode->i_ino & 0xffff;

read_lock(&tasklist_lock);
if (fill && (p = find_task_by_pid(pid)) != NULL) {
- if (p->dumpable || ino == PROC_PID_INO) {
- inode->i_uid = p->euid;
- inode->i_gid = p->gid;
- }
+ inode->i_uid = p->euid;
+ inode->i_gid = p->gid;
}
read_unlock(&tasklist_lock);
}

--------------59F129F05165F1C84E7D8DED
Content-Type: text/plain; charset=us-ascii; name="secure-proc-ext2-2.1.105-0.1.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="secure-proc-ext2-2.1.105-0.1.diff"

diff -r -u -x [*~] linux.orig/Documentation/Configure.help linux/Documentation/Configure.help
--- linux.orig/Documentation/Configure.help Sun Jun 7 10:37:41 1998
+++ linux/Documentation/Configure.help Sun Jun 14 22:23:27 1998
@@ -8729,6 +8729,39 @@
from the running kernel whenever you want). If you want to compile
it as a module, say M here and read Documentation/modules.txt.

+Secure procfs [EXPERIMENTAL]
+CONFIG_SECURE_PROC
+ Restrict access to files in /proc for non-root users. Non-root users
+ will be able to see ONLY their own processes and commond kernel
+ informatien (loadavg, meminfo, etc.). Most /proc-dependent programs
+ will still work right.
+
+ If unsure say N.
+
+Root is luser [EXPERIMENTAL]
+CONFIG_SECURE_PROC_ROOT_LUSER
+ Treat root just like regular user in relation to other users' processes.
+ Root still will be able to access ALL kernel-related files in /proc.
+ Also root still have access to processes he knows pid of (i.e. kill it
+ if it kindly told him it's pid).
+
+ If unsure say N.
+
+Secure ext2fs extention [EXPERIMENTAL]
+CONFIG_SECURE_EXT2
+ Do not show files in directory if user
+ a) is not root
+ b) doesn't own directory
+ c) doesn't have read permissions on file
+
+ If unsure say N.
+
+Root is luser [EXPERIMENTAL]
+CONFIG_SECURE_EXT2_ROOT_LUSER
+ Treat root just as regular user. WARNING - might cause big problems.
+
+ If unsure say N.
+
#
# A couple of things I keep forgetting:
# capitalize: DMA, Internet, Intel, IRQ, Linux, NetWare, NFS, PCI, SCSI
diff -r -u -x [*~] linux.orig/arch/alpha/defconfig linux/arch/alpha/defconfig
--- linux.orig/arch/alpha/defconfig Mon Mar 30 00:21:39 1998
+++ linux/arch/alpha/defconfig Sun Jun 14 22:34:09 1998
@@ -227,6 +227,8 @@
# CONFIG_QUOTA is not set
# CONFIG_MINIX_FS is not set
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_ISO9660_FS=y
# CONFIG_JOLIET is not set
# CONFIG_FAT_FS is not set
@@ -234,6 +236,8 @@
# CONFIG_UMSDOS_FS is not set
# CONFIG_VFAT_FS is not set
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
# CONFIG_NFSD is not set
CONFIG_SUNRPC=y
diff -r -u -x [*~] linux.orig/arch/arm/defconfig linux/arch/arm/defconfig
--- linux.orig/arch/arm/defconfig Sun Apr 12 11:42:15 1998
+++ linux/arch/arm/defconfig Sun Jun 14 22:34:07 1998
@@ -180,6 +180,8 @@
# CONFIG_QUOTA is not set
# CONFIG_MINIX_FS is not set
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_FAT_FS=y
@@ -187,6 +189,8 @@
# CONFIG_UMSDOS_FS is not set
CONFIG_VFAT_FS=y
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
CONFIG_NFSD=y
CONFIG_SUNRPC=y
diff -r -u -x [*~] linux.orig/arch/i386/defconfig linux/arch/i386/defconfig
--- linux.orig/arch/i386/defconfig Sun Jun 7 11:21:35 1998
+++ linux/arch/i386/defconfig Sun Jun 14 22:34:07 1998
@@ -222,6 +222,8 @@
# CONFIG_QUOTA is not set
# CONFIG_MINIX_FS is not set
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_ISO9660_FS=y
# CONFIG_JOLIET is not set
# CONFIG_FAT_FS is not set
@@ -229,6 +231,8 @@
# CONFIG_UMSDOS_FS is not set
# CONFIG_VFAT_FS is not set
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
CONFIG_NFSD=y
CONFIG_SUNRPC=y
diff -r -u -x [*~] linux.orig/arch/m68k/defconfig linux/arch/m68k/defconfig
--- linux.orig/arch/m68k/defconfig Tue Mar 10 14:43:13 1998
+++ linux/arch/m68k/defconfig Sun Jun 14 22:34:08 1998
@@ -154,12 +154,16 @@
# CONFIG_QUOTA is not set
CONFIG_MINIX_FS=y
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
# CONFIG_VFAT_FS is not set
# CONFIG_UMSDOS_FS is not set
# CONFIG_MSDOS_PARTITION is not set
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
# CONFIG_ROOT_NFS is not set
# CONFIG_SMB_FS is not set
diff -r -u -x [*~] linux.orig/arch/mips/defconfig linux/arch/mips/defconfig
--- linux.orig/arch/mips/defconfig Fri May 8 00:13:23 1998
+++ linux/arch/mips/defconfig Sun Jun 14 22:34:08 1998
@@ -239,6 +239,8 @@
# CONFIG_QUOTA is not set
# CONFIG_MINIX_FS is not set
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_ISO9660_FS=y
# CONFIG_JOLIET is not set
CONFIG_FAT_FS=y
@@ -246,6 +248,8 @@
# CONFIG_UMSDOS_FS is not set
CONFIG_VFAT_FS=y
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
CONFIG_NFSD=y
CONFIG_SUNRPC=y
diff -r -u -x [*~] linux.orig/arch/ppc/defconfig linux/arch/ppc/defconfig
--- linux.orig/arch/ppc/defconfig Fri May 8 00:18:13 1998
+++ linux/arch/ppc/defconfig Sun Jun 14 22:34:06 1998
@@ -262,6 +262,8 @@
# CONFIG_QUOTA is not set
# CONFIG_MINIX_FS is not set
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_ISO9660_FS=y
# CONFIG_JOLIET is not set
CONFIG_FAT_FS=m
@@ -269,6 +271,8 @@
# CONFIG_UMSDOS_FS is not set
CONFIG_VFAT_FS=m
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
CONFIG_NFSD=y
CONFIG_SUNRPC=y
diff -r -u -x [*~] linux.orig/arch/sparc/defconfig linux/arch/sparc/defconfig
--- linux.orig/arch/sparc/defconfig Fri May 8 00:11:28 1998
+++ linux/arch/sparc/defconfig Sun Jun 14 22:34:06 1998
@@ -232,6 +232,8 @@
CONFIG_QUOTA=y
CONFIG_MINIX_FS=m
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_ISO9660_FS=y
# CONFIG_JOLIET is not set
CONFIG_FAT_FS=m
@@ -239,6 +241,8 @@
# CONFIG_UMSDOS_FS is not set
# CONFIG_VFAT_FS is not set
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
CONFIG_NFSD=m
CONFIG_SUNRPC=y
diff -r -u -x [*~] linux.orig/arch/sparc64/defconfig linux/arch/sparc64/defconfig
--- linux.orig/arch/sparc64/defconfig Fri May 8 00:11:28 1998
+++ linux/arch/sparc64/defconfig Sun Jun 14 22:34:05 1998
@@ -241,6 +241,8 @@
# CONFIG_QUOTA is not set
CONFIG_MINIX_FS=m
CONFIG_EXT2_FS=y
+# CONFIG_SECURE_EXT2 is not set
+# CONFIG_SECURE_EXT2_ROOT_LUSER is not set
CONFIG_ISO9660_FS=y
# CONFIG_JOLIET is not set
CONFIG_FAT_FS=m
@@ -248,6 +250,8 @@
# CONFIG_UMSDOS_FS is not set
# CONFIG_VFAT_FS is not set
CONFIG_PROC_FS=y
+# CONFIG_SECURE_PROC is not set
+# CONFIG_SECURE_PROC_ROOT_LUSER is not set
CONFIG_NFS_FS=y
CONFIG_NFSD=m
CONFIG_SUNRPC=y
diff -r -u -x [*~] linux.orig/fs/Config.in linux/fs/Config.in
--- linux.orig/fs/Config.in Sat Apr 4 09:45:14 1998
+++ linux/fs/Config.in Sun Jun 14 22:28:28 1998
@@ -8,6 +8,12 @@

tristate 'Minix fs support' CONFIG_MINIX_FS
tristate 'Second extended fs support' CONFIG_EXT2_FS
+if [ "$CONFIG_EXPERIMENTAL" = "y" -a "$CONFIG_EXT2_FS" = "y" -o "$CONFIG_EXT2_FS" = "m" ]; then
+ bool ' Secure ext2 extention [EXPERIMENTAL]' CONFIG_SECURE_EXT2
+ if [ "$CONFIG_SECURE_EXT2" = "y" ]; then
+ bool ' Root is luser [EXPERIMENTAL]' CONFIG_SECURE_EXT2_ROOT_LUSER
+ fi
+fi

tristate 'ISO9660 cdrom filesystem support' CONFIG_ISO9660_FS
if [ "$CONFIG_ISO9660_FS" != "n" ]; then
@@ -21,6 +27,13 @@
dep_tristate 'VFAT (Windows-95) fs support' CONFIG_VFAT_FS $CONFIG_FAT_FS

bool '/proc filesystem support' CONFIG_PROC_FS
+if [ "$CONFIG_EXPERIMENTAL" = "y" -a "$CONFIG_PROC_FS" = "y" ]; then
+ bool ' Secure procfs [EXPERIMENTAL]' CONFIG_SECURE_PROC
+ if [ "$CONFIG_SECURE_PROC" = "y" ]; then
+ bool ' Root is luser [EXPERIMENTAL]' CONFIG_SECURE_PROC_ROOT_LUSER
+ fi
+fi
+
if [ "$CONFIG_INET" = "y" ]; then
tristate 'NFS filesystem support' CONFIG_NFS_FS
if [ "$CONFIG_NFS_FS" = "y" -a "$CONFIG_IP_PNP" = "y" ]; then
diff -r -u -x [*~] linux.orig/fs/ext2/dir.c linux/fs/ext2/dir.c
--- linux.orig/fs/ext2/dir.c Wed May 20 13:08:35 1998
+++ linux/fs/ext2/dir.c Sun Jun 14 22:09:40 1998
@@ -199,15 +199,33 @@
* during the copy operation.
*/
unsigned long version = inode->i_version;
-
- error = filldir(dirent, de->name,
- de->name_len,
- filp->f_pos, le32_to_cpu(de->inode));
- if (error)
- break;
- if (version != inode->i_version)
- goto revalidate;
- stored ++;
+#ifdef CONFIG_SECURE_EXT2
+ struct inode *v_inode = iget( inode->i_sb, le32_to_cpu( de->inode ) );
+ i = v_inode->i_mode;
+ if( current->fsuid == v_inode->i_uid )
+ i >>= 6;
+ else if( in_group_p( v_inode->i_gid ) )
+ i >>= 3;
+ iput( v_inode );
+ if(
+#ifdef CONFIG_SECURE_EXT2_ROOT_LUSER
+ !current->fsuid ||
+#endif
+ current->fsuid == inode->i_uid ||
+ ( i & S_IROTH ) == S_IROTH
+ ) {
+#endif
+ error = filldir(dirent, de->name,
+ de->name_len,
+ filp->f_pos, le32_to_cpu(de->inode));
+ if (error)
+ break;
+ if (version != inode->i_version)
+ goto revalidate;
+ stored ++;
+#ifdef CONFIG_SECURE_EXT2
+ }
+#endif
}
filp->f_pos += le16_to_cpu(de->rec_len);
}
diff -r -u -x [*~] linux.orig/fs/proc/base.c linux/fs/proc/base.c
--- linux.orig/fs/proc/base.c Wed Mar 11 15:45:53 1998
+++ linux/fs/proc/base.c Sun Jun 14 18:29:28 1998
@@ -78,7 +78,11 @@
*/
struct proc_dir_entry proc_pid = {
PROC_PID_INO, 5, "<pid>",
+#ifdef CONFIG_SECURE_PROC
+ S_IFDIR | S_IRUSR | S_IXUSR, 2, 0, 0,
+#else
S_IFDIR | S_IRUGO | S_IXUGO, 2, 0, 0,
+#endif
0, &proc_base_inode_operations,
NULL, proc_pid_fill_inode,
NULL, &proc_root, NULL
@@ -86,7 +90,11 @@

static struct proc_dir_entry proc_pid_status = {
PROC_PID_STATUS, 6, "status",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations,
NULL, proc_pid_fill_inode,
};
@@ -128,7 +136,11 @@
};
static struct proc_dir_entry proc_pid_cmdline = {
PROC_PID_CMDLINE, 7, "cmdline",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations,
NULL, proc_pid_fill_inode,
};
@@ -140,13 +152,21 @@
};
static struct proc_dir_entry proc_pid_statm = {
PROC_PID_STATM, 5, "statm",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations,
NULL, proc_pid_fill_inode,
};
static struct proc_dir_entry proc_pid_maps = {
PROC_PID_MAPS, 4, "maps",
+#ifdef CONFIG_SECURE_PROC
+ S_IFIFO | S_IRUSR, 1, 0, 0,
+#else
S_IFIFO | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_arraylong_inode_operations,
NULL, proc_pid_fill_inode,
};
@@ -154,7 +174,11 @@
#if CONFIG_AP1000
static struct proc_dir_entry proc_pid_ringbuf = {
PROC_PID_RINGBUF, 7, "ringbuf",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR | S_IWUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO | S_IWUSR, 1, 0, 0,
+#endif
0, &proc_ringbuf_inode_operations,
NULL, proc_pid_fill_inode,
};
@@ -163,7 +187,11 @@
#ifdef __SMP__
static struct proc_dir_entry proc_pid_cpu = {
PROC_PID_CPU, 3, "cpu",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations,
NULL, proc_pid_fill_inode,
};
diff -r -u -x [*~] linux.orig/fs/proc/fd.c linux/fs/proc/fd.c
--- linux.orig/fs/proc/fd.c Fri May 8 18:10:30 1998
+++ linux/fs/proc/fd.c Sun Jun 14 21:32:39 1998
@@ -180,8 +180,21 @@
read_unlock(&tasklist_lock);

ino = (pid << 16) + PROC_PID_FD_DIR + fd;
- if (filldir(dirent, buf+j, NUMBUF-j, fd+2, ino) < 0)
- goto out;
+#ifdef CONFIG_SECURE_PROC
+ i = proc_pid.mode;
+ if( current->fsuid == p->euid )
+ i >>= 6;
+ else if( in_group_p( p->gid ) )
+ i >>= 3;
+
+#ifdef CONFIG_SECURE_PROC_ROOT_LUSER
+ if( ( i & S_IROTH ) == S_IROTH )
+#else
+ if( !current->fsuid || ( i & S_IROTH ) == S_IROTH )
+#endif
+#endif
+ if (filldir(dirent, buf+j, NUMBUF-j, fd+2, ino) < 0)
+ goto out;

read_lock(&tasklist_lock);
/* filldir() might have slept, so we must re-validate "p" */
diff -r -u -x [*~] linux.orig/fs/proc/generic.c linux/fs/proc/generic.c
--- linux.orig/fs/proc/generic.c Thu May 14 10:26:22 1998
+++ linux/fs/proc/generic.c Sun Jun 14 18:32:03 1998
@@ -261,12 +261,20 @@
ent->namelen = len;

if (mode == S_IFDIR) {
+#ifdef CONFIG_SECURE_PROC
+ mode |= S_IRUSR | S_IXUSR;
+#else
mode |= S_IRUGO | S_IXUGO;
+#endif
ent->ops = &proc_dyna_dir_inode_operations;
ent->nlink = 2;
}
else if (mode == 0) {
+#ifdef CONFIG_SECURE_PROC
+ mode = S_IFREG | S_IRUSR;
+#else
mode = S_IFREG | S_IRUGO;
+#endif
ent->nlink = 1;
}
ent->mode = mode;
diff -r -u -x [*~] linux.orig/fs/proc/proc_devtree.c linux/fs/proc/proc_devtree.c
--- linux.orig/fs/proc/proc_devtree.c Tue Apr 14 17:34:00 1998
+++ linux/fs/proc/proc_devtree.c Sun Jun 14 18:45:22 1998
@@ -118,7 +118,11 @@
memset(ent, 0, sizeof(struct proc_dir_entry));
ent->name = pp->name;
ent->namelen = strlen(pp->name);
+#ifdef CONFIG_SECURE_PROC
+ ent->mode = S_IFREG | S_IRUSR;
+#else
ent->mode = S_IFREG | S_IRUGO;
+#endif
ent->nlink = 1;
ent->data = pp;
ent->read_proc = property_read_proc;
@@ -143,7 +147,11 @@
memset(ent, 0, sizeof(struct proc_dir_entry));
ent->name = p;
ent->namelen = l;
+#ifdef CONFIG_SECURE_PROC
+ ent->mode = S_IFDIR | S_IRUSR | S_IXUSR;
+#else
ent->mode = S_IFDIR | S_IRUGO | S_IXUGO;
+#endif
ent->nlink = 2;
proc_register(de, ent);
*lastp = ent;
@@ -172,7 +180,11 @@
memset(al, 0, sizeof(struct proc_dir_entry));
al->name = child->name;
al->namelen = strlen(child->name);
+#ifdef CONFIG_SECURE_PROC
+ al->mode = S_IFLNK | S_IRUSR | S_IXUSR;
+#else
al->mode = S_IFLNK | S_IRUGO | S_IXUGO;
+#endif
al->nlink = 1;
al->data = (void *) ent->name;
al->ops = &devtree_symlink_inode_operations;
@@ -190,7 +202,11 @@
memset(al, 0, sizeof(struct proc_dir_entry));
al->name = at;
al->namelen = strlen(at);
+#ifdef CONFIG_SECURE_PROC
+ al->mode = S_IFLNK | S_IRUSR | S_IXUSR;
+#else
al->mode = S_IFLNK | S_IRUGO | S_IXUGO;
+#endif
al->nlink = 1;
al->data = (void *) ent->name;
al->ops = &devtree_symlink_inode_operations;
diff -r -u -x [*~] linux.orig/fs/proc/root.c linux/fs/proc/root.c
--- linux.orig/fs/proc/root.c Sun May 17 11:34:57 1998
+++ linux/fs/proc/root.c Sun Jun 14 19:16:13 1998
@@ -157,7 +157,11 @@
#ifdef CONFIG_MCA
struct proc_dir_entry proc_mca = {
PROC_MCA, 3, "mca",
+#ifdef CONFIG_SECURE_PROC
+ S_IFDIR | S_IRUSR | S_IXUSR, 2, 0, 0,
+#else
S_IFDIR | S_IRUGO | S_IXUGO, 2, 0, 0,
+#endif
0, &proc_dir_inode_operations,
NULL, NULL,
NULL, &proc_root, NULL
@@ -167,7 +171,11 @@
#ifdef CONFIG_SYSCTL
struct proc_dir_entry proc_sys_root = {
PROC_SYS, 3, "sys", /* inode, name */
+#ifdef CONFIG_SECURE_PROC
+ S_IFDIR | S_IRUSR | S_IXUSR, 2, 0, 0, /* mode, nlink, uid, gid */
+#else
S_IFDIR | S_IRUGO | S_IXUGO, 2, 0, 0, /* mode, nlink, uid, gid */
+#endif
0, &proc_dir_inode_operations, /* size, ops */
NULL, NULL, /* get_info, fill_inode */
NULL, /* next */
@@ -298,7 +306,11 @@

struct proc_dir_entry proc_openprom = {
PROC_OPENPROM, 8, "openprom",
+#ifdef CONFIG_SECURE_PROC
+ S_IFDIR | S_IRUSR | S_IXUSR, 2, 0, 0,
+#else
S_IFDIR | S_IRUGO | S_IXUGO, 2, 0, 0,
+#endif
0, &proc_openprom_inode_operations,
NULL, NULL,
NULL,
@@ -501,19 +513,31 @@
#ifdef CONFIG_ZORRO
static struct proc_dir_entry proc_root_zorro = {
PROC_ZORRO, 5, "zorro",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#endif
static struct proc_dir_entry proc_root_cpuinfo = {
PROC_CPUINFO, 7, "cpuinfo",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#if defined (CONFIG_AMIGA) || defined (CONFIG_ATARI)
static struct proc_dir_entry proc_root_hardware = {
PROC_HARDWARE, 8, "hardware",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#endif
@@ -525,7 +549,11 @@
#ifdef CONFIG_DEBUG_MALLOC
static struct proc_dir_entry proc_root_malloc = {
PROC_MALLOC, 6, "malloc",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#endif
@@ -537,80 +565,140 @@
#ifdef CONFIG_MODULES
static struct proc_dir_entry proc_root_modules = {
PROC_MODULES, 7, "modules",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_ksyms = {
PROC_KSYMS, 5, "ksyms",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#endif
static struct proc_dir_entry proc_root_stat = {
PROC_STAT, 4, "stat",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_devices = {
PROC_DEVICES, 7, "devices",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_interrupts = {
PROC_INTERRUPTS, 10,"interrupts",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_filesystems = {
PROC_FILESYSTEMS, 11,"filesystems",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_dma = {
PROC_DMA, 3, "dma",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_ioports = {
PROC_IOPORTS, 7, "ioports",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_cmdline = {
PROC_CMDLINE, 7, "cmdline",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#ifdef CONFIG_RTC
static struct proc_dir_entry proc_root_rtc = {
PROC_RTC, 3, "rtc",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#endif
static struct proc_dir_entry proc_root_locks = {
PROC_LOCKS, 5, "locks",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_mounts = {
PROC_MTAB, 6, "mounts",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_swaps = {
PROC_SWAP, 5, "swaps",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
static struct proc_dir_entry proc_root_profile = {
PROC_PROFILE, 7, "profile",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR | S_IWUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO | S_IWUSR, 1, 0, 0,
+#endif
0, &proc_profile_inode_operations
};
static struct proc_dir_entry proc_root_slab = {
PROC_SLABINFO, 8, "slabinfo",
+#ifdef CONFIG_SECURE_PROC
+ S_IFREG | S_IRUSR, 1, 0, 0,
+#else
S_IFREG | S_IRUGO, 1, 0, 0,
+#endif
0, &proc_array_inode_operations
};
#ifdef __powerpc__
@@ -867,8 +955,24 @@
}

do {
- if (filldir(dirent, de->name, de->namelen, filp->f_pos, ino | de->low_ino) < 0)
- return 0;
+#ifdef CONFIG_SECURE_PROC
+ struct inode *v_inode = iget( inode->i_sb, ino | de->low_ino );
+ i = de->mode;
+ /* How come de->uid/gid == 0/0? */
+ if( current->fsuid == v_inode->i_uid )
+ i >>= 6;
+ else if( in_group_p( v_inode->i_gid ) )
+ i >>= 3;
+ iput( v_inode );
+
+#ifdef CONFIG_SECURE_PROC_ROOT_LUSER
+ if( ( i & S_IROTH ) == S_IROTH )
+#else
+ if( !current->fsuid || ( i & S_IROTH ) == S_IROTH )
+#endif
+#endif
+ if (filldir(dirent, de->name, de->namelen, filp->f_pos, ino | de->low_ino) < 0)
+ return 0;
filp->f_pos++;
de = de->next;
} while (de);
@@ -909,9 +1013,22 @@
i /= 10;
} while (i);

- if (filldir(dirent, buf+j, NUMBUF-j,
- filp->f_pos, (pid << 16) + PROC_PID_INO) < 0)
- break;
+#ifdef CONFIG_SECURE_PROC
+ i = proc_pid.mode;
+ if( current->fsuid == p->euid )
+ i >>= 6;
+ else if( in_group_p( p->gid ) )
+ i >>= 3;
+
+#ifdef CONFIG_SECURE_PROC_ROOT_LUSER
+ if( ( i & S_IROTH ) == S_IROTH )
+#else
+ if( !current->fsuid || ( i & S_IROTH ) == S_IROTH )
+#endif
+#endif
+ if (filldir(dirent, buf+j, NUMBUF-j,
+ filp->f_pos, (pid << 16) + PROC_PID_INO) < 0)
+ break;
}
filp->f_pos++;
}

--------------59F129F05165F1C84E7D8DED--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu