Kernel Newbies archive on lore.kernel.org
 help / color / Atom feed
* sticky bits in /proc etc
@ 2020-06-10 14:24 jim.cromie
  2020-06-11  3:37 ` Valdis Klētnieks
  0 siblings, 1 reply; 3+ messages in thread
From: jim.cromie @ 2020-06-10 14:24 UTC (permalink / raw)
  To: kernelnewbies

Id like to ask about a possible new use for file and directory sticky bits,
or setuid bits, to address the root-only use of /proc (etc) files

this needs root

  echo module kvm +p > /proc/dynamic_debug/control

how about this ?

cat root-owned-readonly-file  > /proc/dynamic_debug/control

the root-owned-file can define a fixed set of dprintk enablements,
and since its ro, its contents are controlled.

is there some combination of special-bits on the source (ro root owned)
and destination (root owned)
that could safely allow joe-user to cat that file into control ?

If it could fit here, it might then be a general workaround to root-shell access
for /proc /sys manipulations

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: sticky bits in /proc etc
  2020-06-10 14:24 sticky bits in /proc etc jim.cromie
@ 2020-06-11  3:37 ` Valdis Klētnieks
  2020-06-11 15:07   ` jim.cromie
  0 siblings, 1 reply; 3+ messages in thread
From: Valdis Klētnieks @ 2020-06-11  3:37 UTC (permalink / raw)
  To: jim.cromie; +Cc: kernelnewbies

[-- Attachment #1.1: Type: text/plain, Size: 1006 bytes --]

On Wed, 10 Jun 2020 08:24:17 -0600, jim.cromie@gmail.com said:
> Id like to ask about a possible new use for file and directory sticky bits,
> or setuid bits, to address the root-only use of /proc (etc) files

The sticky bit and setuid/gid bits already have meanings for directories,
and changing the semantics will break existing code.

> this needs root
>
>   echo module kvm +p > /proc/dynamic_debug/control
>
> how about this ?
>
> cat root-owned-readonly-file  > /proc/dynamic_debug/control

Nope, doesn't work that way, because the file in /proc has no way to tell that
it's cat doing it from a root-owned file, versus cat doing it from a
hacker-owned file. As far as the /proc file is concerned, the "echo" and "cat"
commands are identical.

If you have an actual need for non-root users to do this, there's always the
fact that 'sudo' can be restricted to specific commands for the user, and/or
the use of set-UID helper programs that validate the request and then issue it
on the user's behalf.



[-- Attachment #1.2: Type: application/pgp-signature, Size: 832 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: sticky bits in /proc etc
  2020-06-11  3:37 ` Valdis Klētnieks
@ 2020-06-11 15:07   ` jim.cromie
  0 siblings, 0 replies; 3+ messages in thread
From: jim.cromie @ 2020-06-11 15:07 UTC (permalink / raw)
  To: Valdis Klētnieks; +Cc: kernelnewbies

On Wed, Jun 10, 2020 at 9:37 PM Valdis Klētnieks
<valdis.kletnieks@vt.edu> wrote:
>
> On Wed, 10 Jun 2020 08:24:17 -0600, jim.cromie@gmail.com said:
> > Id like to ask about a possible new use for file and directory sticky bits,
> > or setuid bits, to address the root-only use of /proc (etc) files
>
> The sticky bit and setuid/gid bits already have meanings for directories,
> and changing the semantics will break existing code.
>

ok, Id more or less expected this.
the only escape might have been that those meanings pertain to a "real" FS,
and might be irrelevant to a synthetic/virtual fs like /proc or /sys

> > this needs root
> >
> >   echo module kvm +p > /proc/dynamic_debug/control
> >
> > how about this ?
> >
> > cat root-owned-readonly-file  > /proc/dynamic_debug/control
>
> Nope, doesn't work that way, because the file in /proc has no way to tell that
> it's cat doing it from a root-owned file, versus cat doing it from a
> hacker-owned file. As far as the /proc file is concerned, the "echo" and "cat"
> commands are identical.
>
> If you have an actual need for non-root users to do this, there's always the
> fact that 'sudo' can be restricted to specific commands for the user, and/or
> the use of set-UID helper programs that validate the request and then issue it
> on the user's behalf.
>

I have no actual need, more just wondering aloud.

thanks
Jim

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-10 14:24 sticky bits in /proc etc jim.cromie
2020-06-11  3:37 ` Valdis Klētnieks
2020-06-11 15:07   ` jim.cromie

Kernel Newbies archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernelnewbies/0 kernelnewbies/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernelnewbies kernelnewbies/ https://lore.kernel.org/kernelnewbies \
		kernelnewbies@kernelnewbies.org
	public-inbox-index kernelnewbies

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernelnewbies.kernelnewbies


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git