* man-pages-3.15 is released
From: Michael Kerrisk @ 2008-12-06 4:38 UTC (permalink / raw)
To: lkml, netdev
Gidday,
I've released man-pages-3.15.tar.gz - man pages for Linux
This release is now available for download at:
http://www.kernel.org/pub/linux/docs/man-pages
or ftp://ftp.kernel.org/pub/linux/docs/man-pages
man-pages nowadays also has a public git repository at
git://git.kernel.org/pub/scm/docs/man-pages/man-pages.git
The online changelog is available at
http://www.kernel.org/doc/man-pages/changelog.html
(blogged at
http://linux-man-pages.blogspot.com/2008/12/man-pages-315-is-released.html)
and the current version of the pages is browsable at
http://www.kernel.org/doc/man-pages/
An abridged list of changes that may be of interest to readers of this
list is given below.
Cheers,
Michael
==================== Changes in man-pages-3.15 ====================
Released: 2008-12-05, Bucaramanga
New and rewritten pages
-----------------------
makedev.3
Michael Kerrisk
New page for makedev(), major(), and minor() macros
pthread_cleanup_push_defer_np.3
Michael Kerrisk
New page for pthread_cleanup_push_defer_np(3) and
pthread_cleanup_pop_restore_np(3)
Newly documented interfaces in existing pages
---------------------------------------------
accept.2
Michael Kerrisk
Document accept4() system call, new in Linux 2.6.28
fmemopen.3
Petr Baudis
Add description of open_wmemstream(3)
tcp.7
Michael Kerrisk
Document MSG_TRUNC flag for TCP sockets
Changes to individual pages
---------------------------
accept.2
Michael Kerrisk
Clarify details when returned address is truncated
If the returned address is truncated, the 'addrlen' argument
indicates the actual size of the address, rather than a count
of the number of bytes in the truncated buffer.
Also clarify that if the 'addr' argument is NULL, then 'addrlen'
is unused, and should also be NULL.
mmap.2
Michael Kerrisk
Loosen language around how 'addr' hint is interpreted
Mel Gorman reported that in Linux 2.6.27, 'addr' is rounded
down to a page boundary.
Before kernel 2.6.26, if 'addr' was taken as a hint, it was
rounded up to the next page boundary. Since Linux 2.6.24,
it is rounded down. Therefore, loosen the description of
this point to say that the address is rounded to "a nearby
page boundary".
recv.2
Michael Kerrisk
Clarify details when returned address is truncated
If the recvfrom() returned address is truncated, the 'fromlen'
argument indicates the actual size of the address, rather than
a count of the number of bytes in the truncated buffer.
Also clarify that the 'from' argument can be NULL, in which
case 'fromlen' is unused, and should also be NULL.
Michael Kerrisk
Internet datagram and netlink sockets support MSG_TRUNC for recv(2)
Internet datagram (since Linux 2.4.27/2.6.8),
and netlink (since Linux 2.6.22) sockets support
the MSG_TRUNC flag for recv(2).
tcp.7
Michael Kerrisk
Note that MSG_PEEK can be used on out-of-band data
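The accept.2 and recv.2 clarifications in the changelog above (when the returned address is truncated, 'addrlen'/'fromlen' carries the address's real size, not the number of bytes copied; MSG_TRUNC is honoured on Internet datagram sockets) describe two places where code that trusts the returned length as a count of valid bytes in its own buffer reads past the end of that buffer. The following C program is an added example and is not part of the release announcement or the man-pages project. It sends a UDP datagram to itself over loopback, learns the datagram's real size with recv(MSG_PEEK|MSG_TRUNC), then receives it into a deliberately undersized data buffer while offering the kernel a deliberately undersized address buffer, and shows how each truncation is detected. The names probe_truncation, bound_udp_socket and struct probe are this example's own; the payload is constructed.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* What one receive of a datagram looked like from user space. */
struct probe {
    ssize_t real_len;     /* datagram size learned with recv(MSG_PEEK|MSG_TRUNC) */
    ssize_t ret;          /* recvfrom() return value: bytes copied, not datagram size */
    socklen_t fromlen;    /* 'fromlen' after the call: the kernel's real address size */
    int addr_truncated;   /* 1 when fromlen came back larger than the buffer we offered */
    int data_truncated;   /* 1 when the datagram was larger than the data buffer */
};

/* UDP socket bound to 127.0.0.1 on an ephemeral port; the chosen address is
 * written to *addr. Returns the fd or -1. (Example helper, not a libc API.) */
static int bound_udp_socket(struct sockaddr_in *addr)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd == -1) return -1;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = 0;
    socklen_t len = sizeof *addr;
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) == -1 ||
        getsockname(fd, (struct sockaddr *)addr, &len) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Send payload_len constructed bytes to ourselves, then receive them into a
 * bufsize-byte data buffer while offering only addrbufsize bytes for the
 * source address. Returns 0 and fills *p on success, -1 on a socket error. */
int probe_truncation(size_t payload_len, size_t bufsize, socklen_t addrbufsize, struct probe *p)
{
    char payload[512], buf[512];
    if (payload_len > sizeof payload || bufsize > sizeof buf) return -1;
    memset(payload, 'A', sizeof payload);

    struct sockaddr_in rx_addr;
    int rx = bound_udp_socket(&rx_addr);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx == -1 || tx == -1) {
        if (rx != -1) close(rx);
        if (tx != -1) close(tx);
        return -1;
    }
    int ok = sendto(tx, payload, payload_len, 0,
                    (struct sockaddr *)&rx_addr, sizeof rx_addr) == (ssize_t)payload_len;

    /* 1. Ask for the real size without dequeuing: with MSG_TRUNC the return
     *    value is the datagram length even though we offered no buffer. */
    if (ok) p->real_len = recv(rx, NULL, 0, MSG_PEEK | MSG_TRUNC);

    /* 2. Dequeue it. 'from' is big enough for any address, but we tell the
     *    kernel only addrbufsize bytes are available, as a caller holding a
     *    too-small struct would. The kernel copies at most that many bytes
     *    and reports the full size back through fromlen. */
    struct sockaddr_storage from;
    memset(&from, 0, sizeof from);
    socklen_t fromlen = addrbufsize;
    if (ok) p->ret = recvfrom(rx, buf, bufsize, 0, (struct sockaddr *)&from, &fromlen);
    close(rx);
    close(tx);
    if (!ok || p->real_len < 0 || p->ret < 0) return -1;

    /* The checks the man page wording implies: compare what was reported with
     * what was offered; never treat fromlen or real_len as a count of valid
     * bytes sitting in our buffers. */
    p->fromlen = fromlen;
    p->addr_truncated = fromlen > addrbufsize;
    p->data_truncated = p->real_len > (ssize_t)bufsize;
    return 0;
}

int main(void)
{
    struct probe p;
    if (probe_truncation(100, 64, 4, &p) == -1) { perror("probe_truncation"); return 1; }
    printf("datagram %zd bytes; recvfrom copied %zd into a 64-byte buffer (data truncated: %d)\n",
           p.real_len, p.ret, p.data_truncated);
    printf("offered 4 address bytes; kernel reports %u (address truncated: %d)\n",
           (unsigned)p.fromlen, p.addr_truncated);
    return 0;
}
```

Two things the run makes visible: recvfrom() without MSG_TRUNC returns only the 64 bytes it copied, so a receiver that wants to know a datagram was cut short must either peek with MSG_TRUNC first or pass MSG_TRUNC on the receive itself; and the address buffer case is the one the changelog warns about, since copying 'fromlen' bytes out of a 4-byte struct would read 12 bytes past it.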
* MAC and pam_nologin (was Re: man-pages-3.15 is released)
From: Tetsuo Handa @ 2008-12-06 5:04 UTC (permalink / raw)
To: linux-security-module, linux-kernel; +Cc: mtk.manpages
Hello.
The "man 5 nologin" says that:
If the file /etc/nologin *exists*, login (1) will allow access only to root.
Other users will be shown the contents of this file and their logins will be
refused.
But this description becomes inaccurate when MAC (e.g. SELinux) is enabled.
MAC can deny open("/etc/nologin", O_RDONLY) by the root user. Thus,
# ln /etc/shadow /etc/nologin
will create /etc/nologin which is *not readable* by login(1).
As a result, non-root users' logins are permitted while /etc/nologin *exists*.
I guess pam_nologin is using a code like
fp = fopen("/etc/nologin", "r");
if (fp)
/* print the contents of /etc/nologin and reject login request. */
So, I think one of the modifications below is needed.
(1) Change the description of manpage like
If the file /etc/nologin *is readable*, login (1) will allow access only to
root. Other users will be shown the contents of this file and their logins
will be refused.
(2) Change the code of pam_nologin like
fd = open("/etc/nologin", O_RDONLY);
if (fd != EOF || errno != ENOENT)
/* print the contents of /etc/nologin and reject login request. */
Which one is the better solution?
Regards.
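The two behaviours Tetsuo contrasts above, side by side in C, as an added example that is not the pam_nologin source and not code quoted in this thread: a check that treats any fopen() failure as "no /etc/nologin" (fails open), and a check that treats only ENOENT as absence and refuses the login on every other failure (fails closed). The function names (check_nologin_fail_open, check_nologin_fail_closed, make_temp_file) and the enum are this example's own. A MAC read denial would surface as EACCES, which cannot be reproduced portably from an unprivileged program, so the stand-alone run and the checks use a constructed path that fails with ENOTDIR (a regular file used as a directory component) and a directory (read() fails with EISDIR) to stand in for "exists but cannot be read".

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum nologin_result {
    NOLOGIN_ALLOW,        /* no /etc/nologin: permit the login */
    NOLOGIN_DENY,         /* file present and readable: refuse, show its contents */
    NOLOGIN_DENY_OPAQUE   /* present but unreadable (MAC denial, bad mode, ...): refuse, no contents */
};

/* The pattern described in the thread: any failure to open the file is taken
 * to mean the file does not exist, so a permission or MAC denial silently
 * re-enables logins. */
enum nologin_result check_nologin_fail_open(const char *path, char *msg, size_t msglen)
{
    if (msglen == 0) return NOLOGIN_DENY_OPAQUE;
    msg[0] = '\0';
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return NOLOGIN_ALLOW;                /* EACCES lands here as well: that is the bug */
    size_t n = fread(msg, 1, msglen - 1, fp);
    msg[n] = '\0';
    fclose(fp);
    return NOLOGIN_DENY;
}

/* Fail-closed variant: only ENOENT means "absent". Every other open() or
 * read() failure is treated as "present but unreadable" and the login is
 * still refused, just without the message. */
enum nologin_result check_nologin_fail_closed(const char *path, char *msg, size_t msglen)
{
    if (msglen == 0) return NOLOGIN_DENY_OPAQUE;
    msg[0] = '\0';
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd == -1)
        return (errno == ENOENT) ? NOLOGIN_ALLOW : NOLOGIN_DENY_OPAQUE;

    size_t used = 0;
    while (used < msglen - 1) {
        ssize_t n = read(fd, msg + used, msglen - 1 - used);
        if (n == 0) break;                                   /* EOF */
        if (n < 0) {
            if (errno == EINTR) continue;
            close(fd);                                       /* e.g. EISDIR: a directory at that path */
            msg[0] = '\0';
            return NOLOGIN_DENY_OPAQUE;
        }
        used += (size_t)n;
    }
    msg[used] = '\0';
    close(fd);
    return NOLOGIN_DENY;
}

/* Example helper: create a regular file with the given constructed contents
 * and return its path in pathbuf. Returns 0 on success, -1 on failure. */
int make_temp_file(const char *contents, char *pathbuf, size_t pathlen)
{
    const char *tmpl = "/tmp/nologin-example-XXXXXX";
    if (strlen(tmpl) + 1 > pathlen) return -1;
    strcpy(pathbuf, tmpl);
    int fd = mkstemp(pathbuf);
    if (fd == -1) return -1;
    size_t len = strlen(contents);
    int ok = write(fd, contents, len) == (ssize_t)len;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    char path[64], bad[96], msg[256];
    if (make_temp_file("System going down for maintenance\n", path, sizeof path) == -1) return 1;
    snprintf(bad, sizeof bad, "%s/nologin", path);           /* open() fails with ENOTDIR, not ENOENT */

    printf("readable file:      fail-open=%d fail-closed=%d\n",
           check_nologin_fail_open(path, msg, sizeof msg), check_nologin_fail_closed(path, msg, sizeof msg));
    printf("unreadable path:    fail-open=%d fail-closed=%d\n",
           check_nologin_fail_open(bad, msg, sizeof msg), check_nologin_fail_closed(bad, msg, sizeof msg));
    printf("missing file:       fail-open=%d fail-closed=%d\n",
           check_nologin_fail_open("/nonexistent-dir-7c1e/nologin", msg, sizeof msg),
           check_nologin_fail_closed("/nonexistent-dir-7c1e/nologin", msg, sizeof msg));
    unlink(path);
    return 0;
}
```

The second row is the case in the thread: the fail-open check returns NOLOGIN_ALLOW (0) for a path that exists but cannot be opened, the fail-closed check returns NOLOGIN_DENY_OPAQUE (2). The cost of failing closed is that a misconfigured label or mode on /etc/nologin locks out every non-root user with no message, which is the trade Valdis's reply is weighing.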
* Re: MAC and pam_nologin (was Re: man-pages-3.15 is released)
From: Valdis.Kletnieks @ 2008-12-06 6:26 UTC (permalink / raw)
To: Tetsuo Handa; +Cc: linux-security-module, linux-kernel, mtk.manpages
On Sat, 06 Dec 2008 14:04:07 +0900, Tetsuo Handa said:
(Not really a LSM or kernel issue, and I think mtk.man does kernel
manpages only. At least on my Fedora and RedHat systems, the 'login' manpage
comes from util-linux, so any manpage fixes would go via that route).
> But this description becomes inaccurate when MAC (e.g. SELinux) is enabled.
>
> MAC can deny open("/etc/nologin", O_RDONLY) by the root user. Thus,
>
> # ln /etc/shadow /etc/nologin
>
> will create /etc/nologin which is *not readable* by login(1).
> As a result, non-root users' logins are permitted while /etc/nologin *exists*
>
> I guess pam_nologin is using a code like
>
> fp = fopen("/etc/nologin", "r");
> if (fp)
> /* print the contents of /etc/nologin and reject login request. */
Rather than guessing, maybe a check of what the source code actually *does*
would be better?
> So, I think one of the modifications below is needed.
>
> (1) Change the description of manpage like
>
> If the file /etc/nologin *is readable*, login (1) will allow access only to
> root. Other users will be shown the contents of this file and their logins
> will be refused.
>
> (2) Change the code of pam_nologin like
>
> fd = open("/etc/nologin", O_RDONLY);
> if (fd != EOF || errno != ENOENT)
> /* print the contents of /etc/nologin and reject login request. */
(3) Recognize that a sysadmin who intentionally goes and creates a
/etc/nologin via insane means deserves the insane results. You have to
go out of your way to actually create a case where the distinction between
"exists" and "is readable" matters.
Having said that, we probably *should* fix 'man login' to say 'is readable'.
* Re: MAC and pam_nologin (was Re: man-pages-3.15 is released)
From: Michael Kerrisk (man-pages) @ 2012-04-15 20:47 UTC (permalink / raw)
To: Valdis.Kletnieks
Cc: Tetsuo Handa, linux-security-module, linux-kernel, mtk.manpages
Hello Tetsuo Handa,
On Sat, Dec 6, 2008 at 7:26 PM, <Valdis.Kletnieks@vt.edu> wrote:
> On Sat, 06 Dec 2008 14:04:07 +0900, Tetsuo Handa said:
>
> (Not really a LSM or kernel issue, and I think mtk.man does kernel
> manpages only. At least on my Fedora and RedHat systems, the 'login' manpage
> comes from util-linux, so any manpage fixes would go via that route).
>
>> But this description becomes inaccurate when MAC (e.g. SELinux) is enabled.
>>
>> MAC can deny open("/etc/nologin", O_RDONLY) by the root user. Thus,
>>
>> # ln /etc/shadow /etc/nologin
>>
>> will create /etc/nologin which is *not readable* by login(1).
>> As a result, non-root users' logins are permitted while /etc/nologin *exists*
>>
>> I guess pam_nologin is using a code like
>>
>> fp = fopen("/etc/nologin", "r");
>> if (fp)
>> /* print the contents of /etc/nologin and reject login request. */
>
> Rather than guessing, maybe a check of what the source code actually *does*
> would be better?
>
>> So, I think one of the modifications below is needed.
>>
>> (1) Change the description of manpage like
>>
>> If the file /etc/nologin *is readable*, login (1) will allow access only to
>> root. Other users will be shown the contents of this file and their logins
>> will be refused.
>>
>> (2) Change the code of pam_nologin like
>>
>> fd = open("/etc/nologin", O_RDONLY);
>> if (fd != EOF || errno != ENOENT)
>> /* print the contents of /etc/nologin and reject login request. */
>
> (3) Recognize that a sysadmin who intentionally goes and creates a
> /etc/nologin via insane means deserves the insane results. You have to
> go out of your way to actually create a case where the distinction between
> "exists" and "is readable" matters.
>
> Having said that, we probably *should* fix 'man login' to say 'is readable'.
I added the words "and is readable" to nologin.5.
Thanks,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Author of "The Linux Programming Interface"; http://man7.org/tlpi/