Hey. What do you think about this patch? This can help non-root applications like Apache etc. For example, when I have access to many files from many groups and an attacker exploits this application, he gets access to all the files, because there is no way to setgroups() if I am non-root, and maybe only the daemon needs access to all files - the child needs access only to files owned by one group.
Here You got patch: [15:52:00] [ttyq0] [52] leila:root:# diff /sys/kern/kern_prot.c.old /sys/kern/kern_prot.c.new 613c613 < int error; --- > int error, i, j, stat, root = 1; 616c616 < return (error); --- > root = 0; 633c633 < } else { --- > } else if (root) { 636a637,656 > pc->pc_ucred->cr_ngroups = ngrp; > } else { > if ((caddr_t)(intptr_t)fuword(uap->gidset) == (caddr_t)(-1)) { > return (EINVAL); > if (ngrp > pc->pc_ucred->cr_ngroups) > return (EPERM); > for (i = 0; i < ngrp; i++) { > stat = 0; > for (j = 0; j < pc->pc_ucred->cr_ngroups; j++) { > if (uap->gidset[i] == > pc->pc_ucred->cr_groups[j]) { > stat = 1; > break; > } > } > if (!stat) > return (EPERM); > } > for (i = 0; i < ngrp; i++) > pc->pc_ucred->cr_groups[i] = uap->gidset[i]; -- Paweł Jakub Dawidek Network Administrator. Am I Evil? Yes, I Am.
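Review bot: in the 636a637,656 hunk the new non-root branch dereferences uap->gidset[i] directly in kernel code, and does so twice: once in the membership check and again in the final copy loop. uap->gidset is a user-space pointer (the hunk itself probes it with fuword()), so the array should be brought in once with copyin() into a local gid_t buffer of at most NGROUPS entries, validated against pc->pc_ucred->cr_groups there, and then assigned from that local copy. As written, the fuword() probe covers only the first word of the array, and a thread sharing the address space can change the entries between the check and the assignment, so the values stored need not be the ones that passed the check. Separately, the `{` opened after the fuword() test has no matching `}` before the `if (ngrp > pc->pc_ucred->cr_ngroups)` line, so the braces in this branch do not balance as posted.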
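Review bot: in the 616c616 hunk, replacing `return (error);` with `root = 0;` throws away the result of the privilege check and lets every unprivileged caller through to the new subset path, which changes the meaning of group membership and is not documented anywhere in the patch. Dropping a group is not always a reduction in access: where a file's group permission bits are stricter than its other bits, a process that leaves that group is then checked against the other bits and gains access it did not have before. I would suggest keeping the original error in `error` for the paths that still need to fail, stating the intended rule in a comment above the non-root branch and in the setgroups(2) manual page, and considering a switch (for example a sysctl) so sites that rely on group-based denial can keep the old behaviour.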