2.0.xx had a SecureLevel. It was implemented in the /proc file system. Once
it was set to non-zero, you could not change the immutable flag. It also
looked like you could not load modules once the securelevel was set to
non-zero. The original implementation set the flags for it to 444. Just for
grins, I changed this to 644 and wrote to it. This worked. Unfortunately,
the code for securelevel strategy is kind of broken because I could set it
back to 0 after it had been elevated. At this point I quit looking at it.
I went through the 2.2.x code looking at this. It now uses the CAPABILITY
which I don't understand at all. The only reference I could find to
capabilities was in reference to ELF file headers.
I would be interested in whatever you find out.
George Sexton
MH Software, Inc.
Voice: 303 438 9585
Fax: 303 469 9679
URL: http://www.mhsoftware.com
-----Original Message-----
From: owner-linux-kernel@vger.rutgers.edu
[mailto:owner-linux-kernel@vger.rutgers.edu]On Behalf Of Thomas Habets
Sent: Wednesday, September 08, 1999 1:28 PM
To: linux-kernel@vger.rutgers.edu
Subject: Immutable file bug
I was looking into how security levels are implemented in linux and I
stumbled on what I think is a bug.
An immutable file can still be touched to change its date. I'm not really
sure if immutable should prohibit that but I think so (since you can't
change permissions on an immutable file) and I think it should.
I traced it to sys_utime() and sys_utimes() in fs/open.c and patched it
there. But after seing directories turning into files (spooky) i tried
again and patched inode_change_ok() in fs/attr.c.
Oh, and a question: does linux even *have* security levels? I assumed it
did since it has immutable files but people say it doesn't have it.
IMPORTANT NOTE:
This patch works for me but am sure Linus will beat me silly for patching
absolutely wrong.
--- linux-2.2.12/fs/attr.c Fri Nov 13 19:07:26 1998
+++ marvin-2.2.12/fs/attr.c Wed Sep 8 20:57:39 1999
@@ -17,6 +17,10 @@
int retval = -EPERM;
unsigned int ia_valid = attr->ia_valid;
+ /* don't touch if immutable */
+ if (IS_IMMUTABLE(inode)) {
+ goto error;
+ }
+
/* If force is set do it anyway. */
if (ia_valid & ATTR_FORCE)
goto fine;
---------
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "thomas@habets.pp.se" };
char os[] = { "Linux 2.2" };
char *pgpKey[] = { "finger -m thompa@nss.nu" };
} me_t;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/