Re: Security patch for /proc

Malcolm Beattie (mbeattie@sable.ox.ac.uk)
Wed, 1 Apr 1998 11:20:45 +0100 (BST)


Gerhard Mack writes:
> On Wed, 1 Apr 1998, Rob Hagopian wrote:
>
> > Most programs (apache comes to mind) drop root as soon as they've got the
> > port and don't do anything else as root, so it shouldn't be a problem.
> > Frankly, I really don't want users trying to start daemons for services
> > I've intentionally disabled.
> >
> > There was, at one point, something circulating about security patches to
> > give more fine grained allocation of things like the lower ports which
> > solves both problems, but I haven't heard anything recently...
> >
> -Rob H.
> I'll clarify, I saw some work a few months ago to control access to those
> ports. Not everyone needs/should get access to them, but root IMHO is
> overkill.

I wrote a tiny "sockfs" filesystem last year which lets you set
owner, group and permissions on privileged sockets. If slapd is the
username under which you're running the slapd LDAP daemon (for
example) then you do
insmod sockfs.o
mount -t sockfs sockfs /sock
chown slapd /sock/389

The write permission bit (and owner and group) set on each /sock/n
determines who can bind to port n. Other permission bits are ignored.

I mailed it uuencoded to linux-kernel last September since it's so
small (6K), but I've now also made it available from
ftp://ftp.ox.ac.uk/pub/linux/sockfs-a1.tar.gz

It's only for 2.0 but it should be easy enough to port to 2.1.
The only kernel patch involved is the addition of a prot_sock_ok
function pointer (which the sockfs filesystem module reassigns)
and the important part is just:

if (snum == 0)
snum = get_new_socknum(sk->prot, 0);
+ if (prot_sock_ok)
+ return prot_sock_ok(AF_INET, snum);
if (snum < PROT_SOCK && !suser())
return(-EACCES);
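Review bot: the new hook short-circuits the enclosing function rather than augmenting the check: once prot_sock_ok is set, `return prot_sock_ok(AF_INET, snum);` is taken for every port, so the existing `snum < PROT_SOCK && !suser()` test is never reached, and a hook that returns 0 for "allowed" returns from the caller before whatever follows the check has run. If the hook is meant purely as a permission decision, test its result and fall through on success, e.g. `if (prot_sock_ok) { int err = prot_sock_ok(AF_INET, snum); if (err) return err; }`, and document that the hook then owns the whole policy (non-privileged ports, the root override, and ports with no /sock/n entry), since the original check no longer backs it up.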

--Malcolm

-- 
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services
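The permission rule stated in the post (only the write bit, together with owner and group, on /sock/n decides who may bind port n; the other bits are ignored) is small enough to model completely. The following is an added user-space example, not Malcolm Beattie's sockfs code or the kernel's: it implements the decision a prot_sock_ok hook would have to make, including the two fallbacks the hook inherits once it replaces the in-kernel check (ports at or above PROT_SOCK are not privileged and always allowed; the superuser keeps the old override). The function names, the struct layouts, and the sample /sock table (port 389 owned by uid 1001 with mode 0200, port 80 group-writable by gid 33) are constructed for illustration; PROT_SOCK is the kernel's 1024.

```c
/* Added example: a user-space model of the sockfs bind-permission decision.
 * Not part of the original post or of the sockfs module; all names below
 * (sock_entry, bind_cred, sock_bind_allowed, the sample table) are hypothetical. */
#include <stdio.h>
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>   /* uid_t, gid_t, mode_t */
#include <sys/stat.h>    /* S_IWUSR, S_IWGRP, S_IWOTH */

#define PROT_SOCK 1024   /* same value as the kernel's privileged-port limit */

/* One /sock/n inode as sockfs would present it: owner, group and mode. */
struct sock_entry {
    unsigned short port;
    uid_t uid;
    gid_t gid;
    mode_t mode;
};

/* Credentials of the process calling bind(). 'suser' stands in for the
 * kernel's suser() test: root bypasses the check, as before the hook. */
struct bind_cred {
    uid_t uid;
    gid_t gid;
    const gid_t *groups;   /* supplementary groups, may be NULL */
    int ngroups;
    int suser;
};

static int in_groups(const struct bind_cred *c, gid_t gid)
{
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Returns 0 if the bind is allowed, -EACCES otherwise, i.e. the same
 * contract as the original `if (snum < PROT_SOCK && !suser()) return -EACCES;`.
 * Only the write bit of the matching owner/group/other class is consulted;
 * a privileged port with no /sock/n entry is denied to non-root. */
int sock_bind_allowed(const struct sock_entry *table, int n,
                      unsigned short port, const struct bind_cred *c)
{
    if (port >= PROT_SOCK)
        return 0;            /* not a privileged port: nothing to check */
    if (c->suser)
        return 0;            /* root keeps the traditional override */
    for (int i = 0; i < n; i++) {
        mode_t bit;
        if (table[i].port != port)
            continue;
        if (c->uid == table[i].uid)
            bit = S_IWUSR;   /* owner class, only the owner bits count */
        else if (c->gid == table[i].gid || in_groups(c, table[i].gid))
            bit = S_IWGRP;   /* group class */
        else
            bit = S_IWOTH;   /* everyone else */
        return (table[i].mode & bit) ? 0 : -EACCES;
    }
    return -EACCES;          /* no /sock/n entry for a privileged port */
}

/* Constructed sample table: what "chown slapd /sock/389" plus a
 * group-writable /sock/80 might look like. */
const struct sock_entry sample_sock_table[] = {
    { 389, 1001, 0,  0200 },   /* uid 1001 (slapd) may bind 389 */
    { 80,  0,    33, 0020 },   /* members of gid 33 may bind 80 */
};
const int sample_sock_table_len =
    sizeof sample_sock_table / sizeof sample_sock_table[0];

/* Constructed sample callers. */
static const gid_t www_groups[] = { 100, 33 };
const struct bind_cred slapd_cred = { 1001, 1001, NULL, 0, 0 };
const struct bind_cred www_cred   = { 1002, 100, www_groups, 2, 0 };
const struct bind_cred user_cred  = { 1003, 100, NULL, 0, 0 };
const struct bind_cred root_cred  = { 0, 0, NULL, 0, 1 };

int main(void)
{
    struct { const char *who; const struct bind_cred *c; unsigned short port; } cases[] = {
        { "slapd -> 389", &slapd_cred, 389 }, { "user  -> 389", &user_cred, 389 },
        { "www   -> 80",  &www_cred,   80  }, { "user  -> 80",  &user_cred, 80  },
        { "user  -> 22",  &user_cred,  22  }, { "root  -> 22",  &root_cred, 22  },
        { "user  -> 8080", &user_cred, 8080 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int r = sock_bind_allowed(sample_sock_table, sample_sock_table_len,
                                  cases[i].port, cases[i].c);
        printf("%-14s %s\n", cases[i].who, r == 0 ? "allowed" : "EACCES");
    }
    return 0;
}
```

The point worth noticing is the last two branches: because the hook replaces the old check instead of running alongside it, it has to restate "not privileged, allow" and "root, allow" itself, and it has to pick a default for privileged ports that nobody has created an entry for; denying those keeps the pre-sockfs behaviour for everything the administrator has not explicitly opened.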