[17011] in bugtraq
eth-security : ANNOUNCE : Resources no for ALL
daemon@ATHENA.MIT.EDU (yeti)
Tue Oct 3 01:28:02 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.3.96.1001002142216.5778A-100000@sv>
Date: Mon, 2 Oct 2000 14:48:57 +0200
Reply-To: yeti <y3t1@ETH-SECURITY.NET>
From: yeti <y3t1@ETH-SECURITY.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
--== Resources Not for All ==--
version 1.0
by y3t1@eth-security.net
-- ===== --
Overview
-- ===== --
RnA is collection of security improvements for
- FreeBSD 4.0-RELASE
Restricted kernel process table and proc filesystem
*---------------------------------------------------*
This patch gives limited access for non-root to process table ,only root
see all process and have access to their entries in proc filesystem.
Permission to directories in proc filesystem is changed
to 550 (dr-xr-x---) .Non-root users can only see own proceses.
some example :
from root console :
pc1:~# ps ax
PID TT STAT TIME COMMAND
0 ?? DLs 0:00.01 (swapper)
1 ?? ILs 0:00.17 /sbin/init --
2 ?? DL 0:03.64 (pagedaemon)
3 ?? DL 0:00.00 (vmdaemon)
4 ?? DL 0:00.01 (bufdaemon)
5 ?? DL 0:00.54 (syncer)
25 ?? Is 0:00.00 adjkerntz -i
[...]
from user :
pc1:~$ ps ax
PID TT STAT TIME COMMAND
154 v3 Ss 0:00.17 -bash (bash)
406 v3 R+ 0:00.00 ps ax
Restricted who/w/last
*---------------------------------------------------*
Restricted who/w/last gives limited access to utmp/wtmp entries.
Users can see only own login to system (no group like w_all,w_grp) ,
but if user is added to group w_grp can see own and group login .
Group w_all is for trusted users that have full read access to utmp/wtmp .
for example :
from root console :
pc1:~# who
root ttyv0 Sep 27 21:32
root ttyv1 Sep 27 20:20
y3t1 ttyp1 Sep 27 22:06 (100.0.0.2)
blah ttyp2 Sep 27 20:30 (195.17.21.113)
lump ttyp5 Sep 20 13.56 (63.30.55.243)
from non-root console
pc1:~$ who
y3t1 ttyp1 Sep 27 22:06 (100.0.0.2)
from non-root console if user is added to group w_all
pc1:~$ who
root ttyv0 Sep 27 21:32
root ttyv1 Sep 27 20:20
y3t1 ttyp1 Sep 27 22:06 (100.0.0.2)
blah ttyp2 Sep 27 20:30 (195.17.21.113)
plum ttyp5 Sep 20 13.56 (63.30.55.243)
from non-root console if user is added to group w_grp
pc1:~$ who
y3t1 ttyp1 Sep 27 22:06 (100.0.0.2)
blah ttyp2 Sep 27 20:30 (195.17.21.113)
plum ttyp5 Sep 20 13.56 (63.30.55.243)
Commands w/last are restricted with similar way .
How to Install
*---------------------------------------------------*
De-tar rna archive
tar xvzf rna.tar.gz
and run
cd RnA/
./RnA
cd /sys/compile/your_kernel_name/
make config
make
make install
cd /usr/src/usr.bin/who
make
make install
cd /usr/src/usr.bin/w
make
make install
cd /usr/src/usr.bin/last
make
make install
Check permission to who/w/last (need sgid uwtmp group) and reboot your system .
How to get
*---------------------------------------------------*
New version of rna you can get from :
ftp://ftp.eth-security.net/pub/rna.tar.gz
http://www.eth-security.net/files/rna.tar.gz
http://rast.lodz.pdi.net/~y3t1/rna.tar.gz
Greets
*---------------------------------------------------*
vx@mtl.pl - inspirate me to write this patches
z33d@eth-security.net - b00m b00m b00m ... dawac pieniadze
Admins from
Institute of Physics(Wroclaw) - for testing patches and good diners
all on :
#sigsegv@ircnet : z33d,funkySh,Kris,detergent,crashkill,cliph,xfer
and other cool guys
rastlin,tmoggie,Shadow,Trolinka,lcamtuf,kodzak,venglin,spaceman
