Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

eth-security : ANNOUNCE : Resources no for ALL

From: yeti <y3t1 () ETH-SECURITY NET>
Date: Mon, 2 Oct 2000 14:48:57 +0200
                --==    Resources Not for All  ==--
                           version 1.0

                                by y3t1 () eth-security net


-- ===== --
 Overview
-- ===== --

RnA is collection of security improvements for
       - FreeBSD 4.0-RELASE


 Restricted kernel process table and proc filesystem
*---------------------------------------------------*

This patch gives limited access for non-root to process table ,only root
see all process and have access to their entries in proc filesystem.
Permission to directories in proc filesystem is changed
to 550 (dr-xr-x---)  .Non-root users can only see own proceses.

some example :

from root console :

pc1:~# ps ax
  PID  TT  STAT      TIME COMMAND
    0  ??  DLs    0:00.01  (swapper)
    1  ??  ILs    0:00.17 /sbin/init --
    2  ??  DL     0:03.64  (pagedaemon)
    3  ??  DL     0:00.00  (vmdaemon)
    4  ??  DL     0:00.01  (bufdaemon)
    5  ??  DL     0:00.54  (syncer)
   25  ??  Is     0:00.00 adjkerntz -i
[...]

from user :

pc1:~$ ps ax
  PID  TT  STAT      TIME COMMAND
  154  v3  Ss     0:00.17 -bash (bash)
  406  v3  R+     0:00.00 ps ax

 Restricted who/w/last
*---------------------------------------------------*

Restricted who/w/last gives limited access to utmp/wtmp entries.
Users can see only own login to system (no group like w_all,w_grp) ,
but if user is added to group w_grp can see own and group login .
Group w_all is for trusted users that have full read access to utmp/wtmp .

for example :

from root console :

pc1:~# who
root             ttyv0   Sep 27 21:32
root             ttyv1   Sep 27 20:20
y3t1             ttyp1   Sep 27 22:06 (100.0.0.2)
blah             ttyp2   Sep 27 20:30 (195.17.21.113)
lump             ttyp5   Sep 20 13.56 (63.30.55.243)

from non-root console

pc1:~$ who
y3t1             ttyp1   Sep 27 22:06 (100.0.0.2)


from non-root console if user is added to group w_all

pc1:~$ who
root             ttyv0   Sep 27 21:32
root             ttyv1   Sep 27 20:20
y3t1             ttyp1   Sep 27 22:06 (100.0.0.2)
blah             ttyp2   Sep 27 20:30 (195.17.21.113)
plum             ttyp5   Sep 20 13.56 (63.30.55.243)

from non-root console if user is added to group w_grp

pc1:~$ who
y3t1             ttyp1   Sep 27 22:06 (100.0.0.2)
blah             ttyp2   Sep 27 20:30 (195.17.21.113)
plum             ttyp5   Sep 20 13.56 (63.30.55.243)

Commands w/last are restricted with similar way .

 How to Install
*---------------------------------------------------*

De-tar rna archive

tar xvzf rna.tar.gz

and run

cd RnA/
./RnA

cd /sys/compile/your_kernel_name/
make config
make
make install

cd /usr/src/usr.bin/who
make
make install

cd /usr/src/usr.bin/w
make
make install

cd /usr/src/usr.bin/last
make
make install

Check permission to who/w/last (need sgid uwtmp group) and reboot your system .


  How to get
*---------------------------------------------------*

New version of rna you can get from :

ftp://ftp.eth-security.net/pub/rna.tar.gz
http://www.eth-security.net/files/rna.tar.gz
http://rast.lodz.pdi.net/~y3t1/rna.tar.gz

 Greets
*---------------------------------------------------*

vx () mtl pl                         - inspirate me to write this patches
z33d () eth-security net             - b00m b00m b00m ... dawac pieniadze
Admins from
Institute of Physics(Wroclaw)     - for testing patches and good diners
                                
all on :

       #sigsegv@ircnet :  z33d,funkySh,Kris,detergent,crashkill,cliph,xfer

and other cool guys

       rastlin,tmoggie,Shadow,Trolinka,lcamtuf,kodzak,venglin,spaceman
Previous By Date Next
Previous By Thread Next

Current thread: