Bugtraq mailing list archives
eth-security : ANNOUNCE : Resources no for ALL
From: yeti <y3t1 () ETH-SECURITY NET>
Date: Mon, 2 Oct 2000 14:48:57 +0200
--== Resources Not for All ==--
version 1.0
by y3t1 () eth-security net

-- ===== -- Overview -- ===== --

RnA is a collection of security improvements for:
 - FreeBSD 4.0-RELEASE

Restricted kernel process table and proc filesystem
*---------------------------------------------------*

This patch gives non-root users limited access to the process table; only root
sees all processes and has access to their entries in the proc filesystem.
Permissions on directories in the proc filesystem are changed to 550
(dr-xr-x---). Non-root users can only see their own processes.

Some examples:

from root console:

pc1:~# ps ax
  PID  TT  STAT      TIME COMMAND
    0  ??  DLs    0:00.01  (swapper)
    1  ??  ILs    0:00.17 /sbin/init --
    2  ??  DL     0:03.64  (pagedaemon)
    3  ??  DL     0:00.00  (vmdaemon)
    4  ??  DL     0:00.01  (bufdaemon)
    5  ??  DL     0:00.54  (syncer)
   25  ??  Is     0:00.00 adjkerntz -i
[...]

from user:

pc1:~$ ps ax
  PID  TT  STAT      TIME COMMAND
  154  v3  Ss     0:00.17 -bash (bash)
  406  v3  R+     0:00.00 ps ax

Restricted who/w/last
*---------------------------------------------------*

Restricted who/w/last gives limited access to utmp/wtmp entries. Users can see
only their own logins to the system (no group like w_all, w_grp), but a user
added to group w_grp can see their own and group logins. Group w_all is for
trusted users who have full read access to utmp/wtmp.

For example:

from root console:

pc1:~# who
root     ttyv0    Sep 27 21:32
root     ttyv1    Sep 27 20:20
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)
blah     ttyp2    Sep 27 20:30 (195.17.21.113)
lump     ttyp5    Sep 20 13.56 (63.30.55.243)

from non-root console:

pc1:~$ who
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)

from non-root console if user is added to group w_all:

pc1:~$ who
root     ttyv0    Sep 27 21:32
root     ttyv1    Sep 27 20:20
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)
blah     ttyp2    Sep 27 20:30 (195.17.21.113)
plum     ttyp5    Sep 20 13.56 (63.30.55.243)

from non-root console if user is added to group w_grp:

pc1:~$ who
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)
blah     ttyp2    Sep 27 20:30 (195.17.21.113)
plum     ttyp5    Sep 20 13.56 (63.30.55.243)

Commands w/last are restricted in a similar way.

How to Install
*---------------------------------------------------*

De-tar the rna archive

    tar xvzf rna.tar.gz

and run

    cd RnA/
    ./RnA
    cd /sys/compile/your_kernel_name/
    make config
    make
    make install
    cd /usr/src/usr.bin/who
    make
    make install
    cd /usr/src/usr.bin/w
    make
    make install
    cd /usr/src/usr.bin/last
    make
    make install

Check the permissions on who/w/last (need sgid uwtmp group) and reboot your
system.

How to get
*---------------------------------------------------*

You can get the new version of rna from:

ftp://ftp.eth-security.net/pub/rna.tar.gz
http://www.eth-security.net/files/rna.tar.gz
http://rast.lodz.pdi.net/~y3t1/rna.tar.gz

Greets
*---------------------------------------------------*

vx () mtl pl - inspired me to write these patches
z33d () eth-security net - b00m b00m b00m ... give money
Admins from Institute of Physics (Wroclaw) - for testing patches and good dinners
all on : #sigsegv@ircnet :
z33d, funkySh, Kris, detergent, crashkill, cliph, xfer
and other cool guys
rastlin, tmoggie, Shadow, Trolinka, lcamtuf, kodzak, venglin, spaceman
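
Added example (not part of the original post or the RnA archive): a post-install audit of the permissions the announcement names, namely setgid uwtmp on who/w/last and mode 550 on proc directories. The file paths, the function names, and the expectation that utmp/wtmp must not be world-readable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of the RnA archive: post-install permission audit.
# Paths are assumed FreeBSD 4.x defaults; the group name is from the post.
TOOLS="/usr/bin/who /usr/bin/w /usr/bin/last"
LOGS="/var/run/utmp /var/log/wtmp"
PROC="/proc"
GROUP="uwtmp"

# perm_of PATH: print "MODE GROUP" (e.g. "-r-xr-sr-x uwtmp"), nothing if absent.
perm_of() { ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $4 }'; }

# sgid_ok MODE GROUP WANT: group-execute slot is 's' and the group is WANT.
sgid_ok() {
    case "$1" in ??????s???) [ "$2" = "$3" ] ;; *) return 1 ;; esac
}

# world_closed MODE: "other" has no read, write or execute permission.
world_closed() {
    case "$1" in ???????---) return 0 ;; *) return 1 ;; esac
}

# proc_dir_ok MODE: directory mode is exactly 550, as the post states.
proc_dir_ok() { [ "$1" = "dr-xr-x---" ]; }

# audit: print one FAIL line per finding; return 0 only if nothing failed.
audit() {
    fail=0
    for f in $TOOLS; do
        set -- $(perm_of "$f")
        sgid_ok "${1:-}" "${2:-}" "$GROUP" ||
            { echo "FAIL $f: want setgid $GROUP, got ${1:-missing} ${2:-}"; fail=1; }
    done
    for f in $LOGS; do
        set -- $(perm_of "$f")
        # A world-readable log lets users bypass the filtered tools.
        world_closed "${1:-}" || { echo "FAIL $f: mode ${1:-missing}"; fail=1; }
    done
    for d in "$PROC"/[0-9]*; do
        [ -d "$d" ] || continue
        set -- $(perm_of "$d")
        proc_dir_ok "${1:-}" || { echo "FAIL $d: mode ${1:-}, want dr-xr-x---"; fail=1; }
    done
    return "$fail"
}

# Run the audit only when the script is invoked with the argument "run".
if [ "${1:-}" = "run" ]; then audit; fi
```

Run it as root with the argument `run` after the reboot, so that every entry under the proc filesystem is visible to the check.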