sticky bits in /proc etc

sticky bits in /proc etc

[jim.cromie]

Id like to ask about a possible new use for file and directory sticky bits,
or setuid bits, to address the root-only use of /proc (etc) files

this needs root

  echo module kvm +p > /proc/dynamic_debug/control

how about this ?

cat root-owned-readonly-file  > /proc/dynamic_debug/control

the root-owned-file can define a fixed set of dprintk enablements,
and since its ro, its contents are controlled.

is there some combination of special-bits on the source (ro root owned)
and destination (root owned)
that could safely allow joe-user to cat that file into control ?

If it could fit here, it might then be a general workaround to root-shell access
for /proc /sys manipulations

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: sticky bits in /proc etc

[Valdis Klētnieks]

[-- Attachment #1.1: Type: text/plain, Size: 1006 bytes --]

On Wed, 10 Jun 2020 08:24:17 -0600, jim.cromie@gmail.com said:
> Id like to ask about a possible new use for file and directory sticky bits,
> or setuid bits, to address the root-only use of /proc (etc) files

The sticky bit and setuid/gid bits already have meanings for directories,
and changing the semantics will break existing code.

> this needs root
>
>   echo module kvm +p > /proc/dynamic_debug/control
>
> how about this ?
>
> cat root-owned-readonly-file  > /proc/dynamic_debug/control

Nope, doesn't work that way, because the file in /proc has no way to tell that
it's cat doing it from a root-owned file, versus cat doing it from a
hacker-owned file. As far as the /proc file is concerned, the "echo" and "cat"
commands are identical.

If you have an actual need for non-root users to do this, there's always the
fact that 'sudo' can be restricted to specific commands for the user, and/or
the use of set-UID helper programs that validate the request and then issue it
on the user's behalf.



[-- Attachment #1.2: Type: application/pgp-signature, Size: 832 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: sticky bits in /proc etc

[jim.cromie]

On Wed, Jun 10, 2020 at 9:37 PM Valdis Klētnieks
<valdis.kletnieks@vt.edu> wrote:
>
> On Wed, 10 Jun 2020 08:24:17 -0600, jim.cromie@gmail.com said:
> > Id like to ask about a possible new use for file and directory sticky bits,
> > or setuid bits, to address the root-only use of /proc (etc) files
>
> The sticky bit and setuid/gid bits already have meanings for directories,
> and changing the semantics will break existing code.
>

ok, Id more or less expected this.
the only escape might have been that those meanings pertain to a "real" FS,
and might be irrelevant to a synthetic/virtual fs like /proc or /sys

> > this needs root
> >
> >   echo module kvm +p > /proc/dynamic_debug/control
> >
> > how about this ?
> >
> > cat root-owned-readonly-file  > /proc/dynamic_debug/control
>
> Nope, doesn't work that way, because the file in /proc has no way to tell that
> it's cat doing it from a root-owned file, versus cat doing it from a
> hacker-owned file. As far as the /proc file is concerned, the "echo" and "cat"
> commands are identical.
>
> If you have an actual need for non-root users to do this, there's always the
> fact that 'sudo' can be restricted to specific commands for the user, and/or
> the use of set-UID helper programs that validate the request and then issue it
> on the user's behalf.
>

I have no actual need, more just wondering aloud.

thanks
Jim

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies