How to implement a http(apache)-access-only system
in [Unix Programming]
|
Prev: JOB Opening: Urgent required System software Engineers Exp:2-4years
Next: How to avoid the spam on this news group?
From: lovecreatesbeauty on 26 Nov 2009 20:39 On Nov 25, 9:29 pm, Rainer Weikusat <rweiku...(a)mssgmbh.com> wrote: > Leaving the issue with the trashed dentries aside, I assume that a > file named tini/nibs/ simply doesn't exist on your system. But don't thanks. I also saw that before myself. I thought I've fixed it. if it can boot, how can you see that :) > worry to much about that --- since the system won't boot anymore, > files have successfully been secured against accesses of any user > without a screwdriver ...
From: lovecreatesbeauty on 26 Nov 2009 20:42 On Nov 25, 11:19 pm, lovecreatesbeautifulgi...(a)gmail.com wrote: > You are definitely implementing a policy in kernel, and it's too stupid. > Stop. I admit that it's a bit dangerous, but isn't the thing - custom kernel done this way?
From: lovecreatesbeauty on 27 Nov 2009 00:05 On Nov 25, 5:01 pm, "lovecreatesbea...(a)gmai1.c0m" <lovecreatesbea...(a)gmail.com> wrote: [..] correction: (similar code applied to sys_unlink and sys_rename in namei.c also) --- a\linux-2.6.26\fs\open.c 2008-07-14 05:51:30.000000000 +-0800 +++ b\linux-2.6.26\fs\open.c 2009-11-27 12:46:54.000000000 +-0800 @@ -1078,17 +1078,65 @@ rcu_assign_pointer(fdt->fd[fd], file); spin_unlock(&files->file_lock); } EXPORT_SYMBOL(fd_install); +/* strrvs is by jian hua li, http://www.grex.org/~jhl/miscc.txt */ +static unsigned char *strrvs(unsigned char *p) +{ + unsigned char *p1, *p2, ch; + + for (p1 = p; *(p1 + 1); p1++) ; + for (p2 = p; p2 < p1; p2++, p1--) + ch = *p2, *p2 = *p1, *p1 = ch; + return p; +} + long do_sys_open(int dfd, const char __user *filename, int flags, int mode) { char *tmp = getname(filename); int fd = PTR_ERR(tmp); + char *s1 = "/var/www"; + char *s2 = "apache2"; + unsigned char fullname[2048] = {'\0'}; + unsigned char s[2048] = {'\0'}; + struct dentry *dentry = current->fs->pwd.dentry; + if (filename[0] != '/'){ + strncpy(s, filename, sizeof s - 1); + strncpy(fullname, strrvs(s), sizeof fullname - 1); + if (filename[0] == '.' && filename[1] == '.'){ + /* ../a.c: drop ../ */ + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + } else { + /* a.c, ./a.c: plus dentry->d_name.name */ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + } + while (dentry->d_parent->d_name.name[0] != '/'){ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + dentry = dentry->d_parent; + } + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + strrvs(fullname); + } else + strncpy(fullname, filename, sizeof fullname - 1); + if (strstr(fullname, s1) && strcmp(current->comm, s2)){ + printk("%s:%d, %s, %s, %s\n", __FILE__, __LINE__, current->comm, filename, + current->fs->pwd.dentry->d_parent->d_iname); + return -EPERM; + } if (!IS_ERR(tmp)) { fd = get_unused_fd_flags(flags); if (fd >= 0) { struct file *f = do_filp_open(dfd, tmp, flags, mode); if (IS_ERR(f)) { put_unused_fd(fd);
From: Wanna-Be Sys Admin on 28 Nov 2009 16:48 lovecreatesbeauty(a)gmai1.c0m wrote: > On Nov 25, 5:01 pm, "lovecreatesbea...(a)gmai1.c0m" > <lovecreatesbea...(a)gmail.com> wrote: > [..] > > correction: (similar code applied to sys_unlink and sys_rename in > namei.c also) > .... Why are you still trying this solution? If you said so, I didn't see a reply. Can you TRUST the root user? Are you just trying to make root "think before doing"? You do realize root can do a ton of things to circumvent this attempt at keeping root out of a directory/partition that you only want Apache to have access to. This will never work. You simply can not keep root from doing anything they want. Not in this environment anyway. So, exactly what are you trying to keep root out for? If it's just to make it so root run automated processes or commands someone might run without thinking from doing things, then it could work okay, but if you can't trust root, then you are screwed no matter what you're trying. Anyway, it would be simple enough for root to either unload a module, replacing it with another, upload their own kernel, boot into a different one, or just run any of their processes they want to read that directory as the Apache user anyway (which instantly takes away all of your attempts to stop them from read/access), and they needn't do anything special or complicated to do that. So, what's the point of this? -- Not really a wanna-be, but I don't know everything.
From: lovecreatesbeauty on 11 Dec 2009 03:37 On Nov 27, 1:05 pm, "lovecreatesbea...(a)gmai1.c0m" <lovecreatesbea...(a)gmail.com> wrote: > update. diff -uprN linux-2.6.18.orig/fs/namei.c linux-2.6.18/fs/namei.c --- linux-2.6.18.orig/fs/namei.c 2009-12-01 16:20:12.000000000 +0800 +++ linux-2.6.18/fs/namei.c 2009-12-11 16:27:48.000000000 +0800 @@ -37,6 +37,9 @@ #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) +extern char fs_uit_wdsk_access_app[]; +extern char fs_uit_wdsk_access_pth[]; + /* [Feb-1997 T. Schoebel-Theuer] * Fundamental changes in the pathname lookup mechanisms (namei) * were necessary because of omirr. The reason is that omirr needs @@ -2075,6 +2078,17 @@ int vfs_unlink(struct inode *dir, struct return error; } +/* strrvs is by jian hua li, http://www.grex.org/~jhl/miscc.txt */ +static unsigned char *strrvs(unsigned char *p) +{ + unsigned char *p1, *p2, ch; + + for (p1 = p; *(p1 + 1); p1++) ; + for (p2 = p; p2 < p1; p2++, p1--) + ch = *p2, *p2 = *p1, *p1 = ch; + return p; +} + /* * Make sure that the actual truncation of the file will occur outside its * directory's i_mutex. Truncate can take a long time if there is a lot of @@ -2088,6 +2102,64 @@ static long do_unlinkat(int dfd, const c struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; + char *s1 = fs_uit_wdsk_access_pth; /*"/var/www;/root;/home/jhl"*/ + char *s2 = fs_uit_wdsk_access_app; /*"apache2;tomcat;blahblah"*/ + unsigned char fullname[512] = {'\0'}; + unsigned char s[512] = {'\0'}; + struct dentry *dent = current->fs->pwd /* .dentry */; + unsigned char *p; + unsigned int cnt = 0; + + if (pathname[0] != '/'){ + strncpy(s, pathname, sizeof s - 1); + strncpy(fullname, strrvs(s), sizeof fullname - 1); + if (pathname[0] == '.' && pathname[1] == '.'){ + /* ../../a.c: drop all ../../ so drop three letters ../ then other three, etc */ + while (fullname[strlen(fullname) - 1] == '.' && fullname[strlen (fullname) - 2] == '.'){ + cnt++; + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + } + while (--cnt){ + p = strrchr(fullname, '/'); + *p = '\0'; + } + } else if (pathname[0] == '.' && pathname[1] == '/'){ + /* ./a.c: drop ./ and plus dentry->d_name.name */ + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + } else { + /* a.c: plus dentry->d_name.name */ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + } + while (dent->d_parent->d_name.name[0] != '/'){ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dent->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + dent = dent->d_parent; + } + memset(s, '\0', sizeof s); + strncpy(s, dent->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + strrvs(fullname); + } else + strncpy(fullname, pathname, sizeof fullname - 1); + p = strrchr(fullname, '/'); + *p = '\0'; + p = strstr(s1, fullname); + if (p && p[strlen(fullname)] == ';' && !strstr(s2, current->comm)){ + printk("%s:%d, %s, %s, %s, %s\n", __FILE__, __LINE__, current- >comm, fullname, s2, s1); + return -EPERM; + } name = getname(pathname); if(IS_ERR(name)) @@ -2529,6 +2601,64 @@ asmlinkage long sys_renameat(int olddfd, int error; char * from; char * to; + char *s1 = fs_uit_wdsk_access_pth; /*"/var/www;/root;/home/jhl"*/ + char *s2 = fs_uit_wdsk_access_app; /*"apache2;tomcat;blahblah"*/ + unsigned char fullname[512] = {'\0'}; + unsigned char s[512] = {'\0'}; + struct dentry *dentry = current->fs->pwd /* .dentry */; + unsigned char *p; + unsigned int cnt = 0; + + if (oldname[0] != '/'){ + strncpy(s, oldname, sizeof s - 1); + strncpy(fullname, strrvs(s), sizeof fullname - 1); + if (oldname[0] == '.' && oldname[1] == '.'){ + /* ../../a.c: drop all ../../ so drop three letters ../ then other three, etc */ + while (fullname[strlen(fullname) - 1] == '.' && fullname[strlen (fullname) - 2] == '.'){ + cnt++; + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + } + while (--cnt){ + p = strrchr(fullname, '/'); + *p = '\0'; + } + } else if (oldname[0] == '.' && oldname[1] == '/'){ + /* ./a.c: drop ./ and plus dentry->d_name.name */ + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + } else { + /* a.c: plus dentry->d_name.name */ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + } + while (dentry->d_parent->d_name.name[0] != '/'){ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + dentry = dentry->d_parent; + } + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + strrvs(fullname); + } else + strncpy(fullname, oldname, sizeof fullname - 1); + p = strrchr(fullname, '/'); + *p = '\0'; + p = strstr(s1, fullname); + if (p && p[strlen(fullname)] == ';' && !strstr(s2, current->comm)){ + printk("%s:%d, %s, %s, %s, %s\n", __FILE__, __LINE__, current- >comm, fullname, s2, s1); + return -EPERM; + } from = getname(oldname); if(IS_ERR(from)) diff -uprN linux-2.6.18.orig/fs/open.c linux-2.6.18/fs/open.c --- linux-2.6.18.orig/fs/open.c 2009-12-01 16:20:12.000000000 +0800 +++ linux-2.6.18/fs/open.c 2009-12-11 16:28:12.000000000 +0800 @@ -31,6 +31,9 @@ #include <asm/unistd.h> +char fs_uit_wdsk_access_app[1024] = {'\0'}; +char fs_uit_wdsk_access_pth[1024] = {'\0'}; + int vfs_statfs(struct dentry *dentry, struct kstatfs *buf) { int retval = -ENODEV; @@ -1075,10 +1078,79 @@ void fastcall fd_install(unsigned int fd EXPORT_SYMBOL(fd_install); +/* strrvs is by jian hua li, http://www.grex.org/~jhl/miscc.txt */ +static unsigned char *strrvs(unsigned char *p) +{ + unsigned char *p1, *p2, ch; + + for (p1 = p; *(p1 + 1); p1++) ; + for (p2 = p; p2 < p1; p2++, p1--) + ch = *p2, *p2 = *p1, *p1 = ch; + return p; +} + long do_sys_open(int dfd, const char __user *filename, int flags, int mode) { char *tmp = getname(filename); int fd = PTR_ERR(tmp); + char *s1 = fs_uit_wdsk_access_pth; /*"/var/www;/root;/home/jhl"*/ + char *s2 = fs_uit_wdsk_access_app; /*"apache2;tomcat;blahblah"*/ + unsigned char fullname[512] = {'\0'}; + unsigned char s[512] = {'\0'}; + struct dentry *dentry = current->fs->pwd /* .dentry */; + unsigned char *p; + unsigned int cnt = 0; + + if (filename[0] != '/'){ + strncpy(s, filename, sizeof s - 1); + strncpy(fullname, strrvs(s), sizeof fullname - 1); + if (filename[0] == '.' && filename[1] == '.'){ + /* ../../a.c: drop all ../../ so drop three letters ../ then other three, etc */ + while (fullname[strlen(fullname) - 1] == '.' && fullname[strlen (fullname) - 2] == '.'){ + cnt++; + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + } + while (--cnt){ + p = strrchr(fullname, '/'); + *p = '\0'; + } + } else if (filename[0] == '.' && filename[1] == '/'){ + /* ./a.c: drop ./ and plus dentry->d_name.name */ + fullname[strlen(fullname) - 1] = '\0'; + fullname[strlen(fullname) - 1] = '\0'; + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + } else { + /* a.c: plus dentry->d_name.name */ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + } + while (dentry->d_parent->d_name.name[0] != '/'){ + strncat(fullname, "/", sizeof fullname - 1); + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + dentry = dentry->d_parent; + } + memset(s, '\0', sizeof s); + strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1); + strncat(fullname, strrvs(s), sizeof fullname - 1); + strrvs(fullname); + } else + strncpy(fullname, filename, sizeof fullname - 1); + p = strrchr(fullname, '/'); + *p = '\0'; + p = strstr(s1, fullname); + if (p && p[strlen(fullname)] == ';' && !strstr(s2, current->comm)){ + printk("%s:%d, %s, %s, %s, %s\n", __FILE__, __LINE__, current- >comm, fullname, s2, s1); + return -EPERM; + } if (!IS_ERR(tmp)) { fd = get_unused_fd(); diff -uprN linux-2.6.18.orig/include/linux/sysctl.h linux-2.6.18/ include/linux/sysctl.h --- linux-2.6.18.orig/include/linux/sysctl.h 2009-12-01 16:20:12.000000000 +0800 +++ linux-2.6.18/include/linux/sysctl.h 2009-12-03 09:33:06.000000000 +0800 @@ -794,6 +794,8 @@ enum FS_AIO_NR=18, /* current system-wide number of aio requests */ FS_AIO_MAX_NR=19, /* system-wide maximum number of aio requests */ FS_INOTIFY=20, /* inotify submenu */ + FS_UIT_WDSK_ACCESS_APP=21, /* UIT WDSK access app */ + FS_UIT_WDSK_ACCESS_PTH=22, /* UIT WDSK access pth */ }; /* /proc/sys/fs/quota/ */ diff -uprN linux-2.6.18.orig/kernel/sysctl.c linux-2.6.18/kernel/ sysctl.c --- linux-2.6.18.orig/kernel/sysctl.c 2009-12-01 16:20:11.000000000 +0800 +++ linux-2.6.18/kernel/sysctl.c 2009-12-03 09:32:06.000000000 +0800 @@ -162,6 +162,10 @@ extern ctl_table inotify_table[]; int sysctl_legacy_va_layout; #endif +/* UIT WDSK access */ +extern char fs_uit_wdsk_access_app[]; +extern char fs_uit_wdsk_access_pth[]; + /* /proc declarations: */ #ifdef CONFIG_PROC_FS @@ -1030,6 +1034,24 @@ static ctl_table fs_table[] = { .mode = 0644, .proc_handler = &proc_dointvec, }, + { + .ctl_name = FS_UIT_WDSK_ACCESS_APP, + .procname = "wdsk_app", + .data = fs_uit_wdsk_access_app, + .maxlen = 1024 - 1, + .mode = 0644, + .proc_handler = &proc_dostring, + .strategy = &sysctl_string, + }, + { + .ctl_name = FS_UIT_WDSK_ACCESS_PTH, + .procname = "wdsk_pth", + .data = fs_uit_wdsk_access_pth, + .maxlen = 1024 - 1, + .mode = 0644, + .proc_handler = &proc_dostring, + .strategy = &sysctl_string, + }, #ifdef CONFIG_DNOTIFY { .ctl_name = FS_DIR_NOTIFY,
First
|
Prev
|
Pages: 1 2 3 4 5 Prev: JOB Opening: Urgent required System software Engineers Exp:2-4years Next: How to avoid the spam on this news group? |