Message-ID: <alpine.LNX.2.00.1105191313390.22490@swampdragon.chaosbits.net>
Date:	Thu, 19 May 2011 13:15:24 +0200 (CEST)
From:	Jesper Juhl <jj@...osbits.net>
To:	samsonov@...sta.ru
cc:	linux-kernel@...r.kernel.org
Subject: Re: Some patches for ppp_generic.c and proc/base.c

On Thu, 19 May 2011, samsonov@...sta.ru wrote:

> Good day!
> I mean that /proc file permission for process information must be
> secure:
> 

I'm not going to comment on whether or not changing the mode is 
appropriate, but there are a few other details I will comment on:

[...]
> --- ./linux-2.6.33.4.orig/drivers/net/ppp_generic.c	2010-05-13 02:04:27.000000000 +0400
> +++ ./linux-2.6.33.4/drivers/net/ppp_generic.c	2011-05-10 13:51:11.909607463 +0400
> @@ -366,8 +366,8 @@
>  	/*
>  	 * This could (should?) be enforced by the permissions on /dev/ppp.
>  	 */
> -	if (!capable(CAP_NET_ADMIN))
> -		return -EPERM;
> +//	if (!capable(CAP_NET_ADMIN))
> +//		return -EPERM;
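
Review bot: disabling the `capable(CAP_NET_ADMIN)` test at the two `+//` lines removes the only privilege check shown in this hunk, while the comment kept above it ("This could (should?) be enforced by the permissions on /dev/ppp") still treats device permissions as a possibility rather than an established replacement. As far as these lines show, access on this path would then rest entirely on the mode and ownership of /dev/ppp, and the patch gives no rationale for that. Either keep the check, or delete the lines outright together with the now stale comment and explain in the changelog why the node permissions alone are sufficient.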

Don't just comment out lines. If they should go away, just remove them.


[...]
> --- ./linux-2.6.33.4.orig/fs/attr.c	2010-05-13 02:04:27.000000000 +0400
> +++ ./linux-2.6.33.4/fs/attr.c	2011-05-10 14:25:57.727062904 +0400
> @@ -35,11 +35,10 @@
>  
>  	/* Make sure caller can chgrp. */
>  	if ((ia_valid & ATTR_GID) &&
> -	    (current_fsuid() != inode->i_uid ||
> -	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
> -	    !capable(CAP_CHOWN))
> +	    !(in_group_p(attr->ia_gid) && is_owner_or_cap(inode)))
>  		goto error;
>  
> +
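
Review bot: the rewritten condition in the `ATTR_GID` test is not equivalent to the one it replaces, and nothing in the patch says the behaviour change is intended. The old test let a caller holding `CAP_CHOWN` through regardless of group membership, and let the owner through when `attr->ia_gid == inode->i_gid`; the new `!(in_group_p(attr->ia_gid) && is_owner_or_cap(inode))` requires `in_group_p(attr->ia_gid)` unconditionally, so both of those cases now reach `goto error`, and the explicit `CAP_CHOWN` test is replaced by whatever `is_owner_or_cap()` checks. If only a simplification was meant, keep the original three lines; otherwise state the new chgrp rules and the capability they depend on in the changelog.
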
Why are you adding an extra blank line here? Seems rather pointless.


-- 
Jesper Juhl <jj@...osbits.net>       http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.
