Security patches for Suse's 2.6 kernel
Hi list!

I've ported the hardlink/symlink protection of the grsecurity patch to Suse's 2.6 kernels. My patch makes it considerably harder (and sometimes impossible) to exploit insecure handling of files in /tmp. Additionally it prevents some other annoying things that an attacker could do with hard/symlinks. The patch, more details and install instructions can be found on my website (http://private.addcom.de/nordi/). Feedback is welcome!

The patch is very small and non-intrusive. The slightly changed handling of links should(!) not break existing software. At least I've been using this patch myself on a Suse 9.1 and a 9.2 machine for a couple of weeks now and haven't seen anything break that wasn't broken before ;)

Regards
nordi

SHA1 checksums for the patches:
Suse 9.2: d8138ce3da839aefa77a236ac0bd6436318ffc52
Suse 9.1: c7210821fa8c2ca87f2a4e2cb13646bdec36f72c
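The linking restrictions this post refers to, as a user-space model added here (not code from nordi's patch or from grsecurity). The rules follow the summary in grsecurity's configuration help, which is an assumption since the thread does not spell them out, and all function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Symlink rule (assumed from grsecurity's help text, not taken from the
 * patch): in a sticky, world-writable directory a symlink is followed only
 * if it belongs to the follower or to the owner of the directory. */
static int follow_allowed(const struct stat *dir, const struct stat *lnk, uid_t who)
{
    if (!S_ISLNK(lnk->st_mode))
        return 1;                       /* rule only covers symlinks */
    if (!(dir->st_mode & S_ISVTX) || !(dir->st_mode & S_IWOTH))
        return 1;                       /* not a /tmp-style directory */
    return lnk->st_uid == who || lnk->st_uid == dir->st_uid;
}

/* Hardlink rule, simplified from the same summary: no hardlinks to files
 * owned by someone else (uid 0 is exempted to keep the model small). */
static int hardlink_allowed(const struct stat *target, uid_t who)
{
    return who == 0 || target->st_uid == who;
}

/* Audit helper: apply follow_allowed() to a real path on this system.
 * Returns 1 = would be followed, 0 = would be refused, -1 = error. */
static int check_path(const char *path, uid_t who)
{
    char buf[PATH_MAX];
    struct stat dir, lnk;

    if (strlen(path) >= sizeof(buf) || lstat(path, &lnk) != 0)
        return -1;
    strcpy(buf, path);                  /* dirname() may modify its argument */
    if (stat(dirname(buf), &dir) != 0)
        return -1;
    return follow_allowed(&dir, &lnk, who);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], check_path(argv[i], getuid()));
    return 0;
}
```

Note that in this model uid 0 gets no exemption from the symlink rule, so a privileged process is also refused when it follows another user's link in a /tmp-style directory.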
On Tue, Jan 25, 2005 at 09:04:15PM +0100, nordi wrote:
> Hi list!
>
> I've ported the hardlink/symlink protection of the grsecurity patch to Suse's 2.6 kernels. My patch makes it considerably harder (and sometimes impossible) to exploit insecure handling of files in /tmp. Additionally it prevents some other annoying things that an attacker could do with hard/symlinks. The patch, more details and install instructions can be found on my website (http://private.addcom.de/nordi/). Feedback is welcome!
>
> The patch is very small and non-intrusive. The slightly changed handling of links should(!) not break existing software. At least I've been using this patch myself on a Suse 9.1 and a 9.2 machine for a couple of weeks now and haven't seen anything break that wasn't broken before ;)

Try to get it in upstream kernel. Good luck ;)

You should probably rename the 2 new functions before to a name that matches what they do.

Btw, there is a nice thread of grsecurity merge to mainline (with lot of flamage) going on currently. So you might find a bees nest :/

Ciao, Marcus

Marcus Meissner wrote:
> Try to get it in upstream kernel. Good luck ;)

Which one precisely do you mean?

> You should probably rename the 2 new functions before to a name that matches what they do.

The function names I use in my patch are actually the original ones from the grsecurity patch. Creating the patch was mainly copy'n'paste, so I did not change any names. This helped me reduce my confusion when something didn't work out, since I could easily compare with the original patch. It should also help people to verify that my patches are correct.

> Btw, there is a nice thread of grsecurity merge to mainline (with lot of flamage) going on currently. So you might find a bees nest :/

I've looked at the forum and the mailing list archive at grsecurity.com, but haven't seen any obvious flaming. OTOH, I have not read every single post, so a link would be nice.

Regards
nordi

On Wed, Jan 26, 2005 at 08:24:55PM +0100, nordi wrote:
> Marcus Meissner wrote:
>> Try to get it in upstream kernel. Good luck ;)
>
> Which one precisely do you mean?

Linus Torvalds 2.6 kernel ... btw, someone else tried to get them merged already the last days.

>> You should probably rename the 2 new functions before to a name that matches what they do.
>
> The function names I use in my patch are actually the original ones from the grsecurity patch. Creating the patch was mainly copy'n'paste, so I did not change any names. This helped me reduce my confusion when something didn't work out, since I could easily compare with the original patch. It should also help people to verify that my patches are correct.
>
>> Btw, there is a nice thread of grsecurity merge to mainline (with lot of flamage) going on currently. So you might find a bees nest :/
>
> I've looked at the forum and the mailing list archive at grsecurity.com, but haven't seen any obvious flaming. OTOH, I have not read every single post, so a link would be nice.

I meant the Linux-Kernel mailing list.

Ciao, Marcus