From: lovecreatesbeauty on
On Nov 25, 9:29 pm, Rainer Weikusat <rweiku...(a)mssgmbh.com> wrote:
> Leaving the issue with the trashed dentries aside, I assume that a
> file named tini/nibs/ simply doesn't exist on your system. But don't

thanks. I had also noticed that myself; I thought I had fixed it.

if it can boot, how can you see that :)

> worry to much about that --- since the system won't boot anymore,
> files have successfully been secured against accesses of any user
> without a screwdriver ...
From: lovecreatesbeauty on
On Nov 25, 11:19 pm, lovecreatesbeautifulgi...(a)gmail.com wrote:
> You are definitely implementing a policy in kernel, and it's too stupid.
> Stop.

I admit that it's a bit dangerous, but isn't that how a custom kernel
is done?
From: lovecreatesbeauty on
On Nov 25, 5:01 pm, "lovecreatesbea...(a)gmai1.c0m"
<lovecreatesbea...(a)gmail.com> wrote:
[..]

correction: (similar code is also applied to sys_unlink and sys_rename in
namei.c)

--- a\linux-2.6.26\fs\open.c 2008-07-14 05:51:30.000000000 +-0800
+++ b\linux-2.6.26\fs\open.c 2009-11-27 12:46:54.000000000 +-0800
@@ -1078,17 +1078,65 @@
rcu_assign_pointer(fdt->fd[fd], file);
spin_unlock(&files->file_lock);
}

EXPORT_SYMBOL(fd_install);

+/* strrvs is by jian hua li, http://www.grex.org/~jhl/miscc.txt */
+static unsigned char *strrvs(unsigned char *p)
+{
+ unsigned char *p1, *p2, ch;
+
+ for (p1 = p; *(p1 + 1); p1++) ;
+ for (p2 = p; p2 < p1; p2++, p1--)
+ ch = *p2, *p2 = *p1, *p1 = ch;
+ return p;
+}
+
long do_sys_open(int dfd, const char __user *filename, int flags, int
mode)
{
char *tmp = getname(filename);
int fd = PTR_ERR(tmp);
+ char *s1 = "/var/www";
+ char *s2 = "apache2";
+ unsigned char fullname[2048] = {'\0'};
+ unsigned char s[2048] = {'\0'};
+ struct dentry *dentry = current->fs->pwd.dentry;

+ if (filename[0] != '/'){
+ strncpy(s, filename, sizeof s - 1);
+ strncpy(fullname, strrvs(s), sizeof fullname - 1);
+ if (filename[0] == '.' && filename[1] == '.'){
+ /* ../a.c: drop ../ */
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ } else {
+ /* a.c, ./a.c: plus dentry->d_name.name */
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ }
+ while (dentry->d_parent->d_name.name[0] != '/'){
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ dentry = dentry->d_parent;
+ }
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ strrvs(fullname);
+ } else
+ strncpy(fullname, filename, sizeof fullname - 1);
+ if (strstr(fullname, s1) && strcmp(current->comm, s2)){
+ printk("%s:%d, %s, %s, %s\n", __FILE__, __LINE__, current->comm,
filename,
+ current->fs->pwd.dentry->d_parent->d_iname);
+ return -EPERM;
+ }
if (!IS_ERR(tmp)) {
fd = get_unused_fd_flags(flags);
if (fd >= 0) {
struct file *f = do_filp_open(dfd, tmp, flags, mode);
if (IS_ERR(f)) {
put_unused_fd(fd);
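Review bot: `filename` is a `const char __user *`, yet the new block in do_sys_open reads `filename[0]` and hands it to `strncpy()` directly, so the kernel dereferences a user-space pointer before the result of `getname()` has even been checked; the only copy that is safe to inspect is `tmp`, and the check belongs inside `if (!IS_ERR(tmp))`, operating on `tmp`. The early `return -EPERM;` also exits with the buffer returned by `getname()` still held, so every denied open leaks it unless `putname(tmp);` is called first. `strncat(fullname, "/", sizeof fullname - 1)` and the following appends pass the whole buffer size as the append limit rather than the remaining space, so a long working-directory chain writes past `fullname`; the bound should be `sizeof fullname - strlen(fullname) - 1`. The unlevelled `printk()` fires on every denial, which any caller can provoke at will, so it should at least be guarded by `if (printk_ratelimit())`. The manual walk over `d_parent` without `dcache_lock` reimplements what `d_path()` already provides, and `do_sys_open`'s body continues outside the hunk.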

From: Wanna-Be Sys Admin on
lovecreatesbeauty(a)gmai1.c0m wrote:

> On Nov 25, 5:01 pm, "lovecreatesbea...(a)gmai1.c0m"
> <lovecreatesbea...(a)gmail.com> wrote:
> [..]
>
> correction: (similar code applied to sys_unlink and sys_rename in
> namei.c also)
>
....

Why are you still trying this solution? If you have already said why, I didn't see the
reply. Can you TRUST the root user? Are you just trying to make root
"think before doing"? You do realize root can do a ton of things to
circumvent this attempt at keeping root out of a directory/partition
that you only want Apache to have access to. This will never work.
You simply can not keep root from doing anything they want. Not in
this environment anyway. So, exactly what are you trying to keep root
out for? If it's just to stop root-run automated processes, or commands
someone might run as root without thinking, from doing things, then it
could work okay, but if you can't trust root, then you are screwed no
matter what you're trying. Anyway, it would be simple enough for root
to either unload a module, replacing it with another, upload their own
kernel, boot into a different one, or just run any of their processes
they want to read that directory as the Apache user anyway (which
instantly takes away all of your attempts to stop them from
read/access), and they needn't do anything special or complicated to do
that. So, what's the point of this?
--
Not really a wanna-be, but I don't know everything.
From: lovecreatesbeauty on
On Nov 27, 1:05 pm, "lovecreatesbea...(a)gmai1.c0m"
<lovecreatesbea...(a)gmail.com> wrote:
>

update.

diff -uprN linux-2.6.18.orig/fs/namei.c linux-2.6.18/fs/namei.c
--- linux-2.6.18.orig/fs/namei.c 2009-12-01 16:20:12.000000000 +0800
+++ linux-2.6.18/fs/namei.c 2009-12-11 16:27:48.000000000 +0800
@@ -37,6 +37,9 @@

#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])

+extern char fs_uit_wdsk_access_app[];
+extern char fs_uit_wdsk_access_pth[];
+
/* [Feb-1997 T. Schoebel-Theuer]
* Fundamental changes in the pathname lookup mechanisms (namei)
* were necessary because of omirr. The reason is that omirr needs
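Review bot: The `extern char fs_uit_wdsk_access_app[]` / `fs_uit_wdsk_access_pth[]` declarations are written out here and again in kernel/sysctl.c, while the definitions in fs/open.c include neither, so the compiler never checks that declaration and definition agree. Declare them once in a shared header (include/linux/fs.h is the usual place for fs-wide globals) together with a named length, e.g. `#define FS_UIT_WDSK_ACCESS_LEN 1024`, so the array definitions and the ctl_table `.maxlen` can use the same constant. A one-line comment saying that both strings are `;`-separated lists (directories in one, process names in the other) would also help, since neither identifier says so.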
@@ -2075,6 +2078,17 @@ int vfs_unlink(struct inode *dir, struct
return error;
}

+/* strrvs is by jian hua li, http://www.grex.org/~jhl/miscc.txt */
+static unsigned char *strrvs(unsigned char *p)
+{
+ unsigned char *p1, *p2, ch;
+
+ for (p1 = p; *(p1 + 1); p1++) ;
+ for (p2 = p; p2 < p1; p2++, p1--)
+ ch = *p2, *p2 = *p1, *p1 = ch;
+ return p;
+}
+
/*
* Make sure that the actual truncation of the file will occur
outside its
* directory's i_mutex. Truncate can take a long time if there is a
lot of
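Review bot: `strrvs()` tests `*(p1 + 1)` before ever looking at `*p1`, so on an empty string the first loop reads the byte after the terminator; guard that case and scan from the current byte: `if (!*p) return p;` then `for (p1 = p; p1[1]; p1++) ;`. The same function is added byte-for-byte to fs/open.c in the later hunk, so it should be defined once (lib/ or a shared header) rather than copied into two files. More fundamentally, the callers only use it to assemble a pathname from the `d_parent` chain, which the kernel already does with proper dentry locking and mount-point handling in `d_path()`, so the helper may not be needed at all.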
@@ -2088,6 +2102,64 @@ static long do_unlinkat(int dfd, const c
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
+ char *s1 = fs_uit_wdsk_access_pth; /*"/var/www;/root;/home/jhl"*/
+ char *s2 = fs_uit_wdsk_access_app; /*"apache2;tomcat;blahblah"*/
+ unsigned char fullname[512] = {'\0'};
+ unsigned char s[512] = {'\0'};
+ struct dentry *dent = current->fs->pwd /* .dentry */;
+ unsigned char *p;
+ unsigned int cnt = 0;
+
+ if (pathname[0] != '/'){
+ strncpy(s, pathname, sizeof s - 1);
+ strncpy(fullname, strrvs(s), sizeof fullname - 1);
+ if (pathname[0] == '.' && pathname[1] == '.'){
+ /* ../../a.c: drop all ../../ so drop three letters ../ then other
three, etc */
+ while (fullname[strlen(fullname) - 1] == '.' && fullname[strlen
(fullname) - 2] == '.'){
+ cnt++;
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ }
+ while (--cnt){
+ p = strrchr(fullname, '/');
+ *p = '\0';
+ }
+ } else if (pathname[0] == '.' && pathname[1] == '/'){
+ /* ./a.c: drop ./ and plus dentry->d_name.name */
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ } else {
+ /* a.c: plus dentry->d_name.name */
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ }
+ while (dent->d_parent->d_name.name[0] != '/'){
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dent->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ dent = dent->d_parent;
+ }
+ memset(s, '\0', sizeof s);
+ strncpy(s, dent->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ strrvs(fullname);
+ } else
+ strncpy(fullname, pathname, sizeof fullname - 1);
+ p = strrchr(fullname, '/');
+ *p = '\0';
+ p = strstr(s1, fullname);
+ if (p && p[strlen(fullname)] == ';' && !strstr(s2, current->comm)){
+ printk("%s:%d, %s, %s, %s, %s\n", __FILE__, __LINE__, current-
>comm, fullname, s2, s1);
+ return -EPERM;
+ }

name = getname(pathname);
if(IS_ERR(name))
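Review bot: The `..` handling in do_unlinkat can write through a null pointer: after the reversed `../` prefixes are stripped, `while (--cnt)` calls `strrchr(fullname, '/')` on a buffer that no longer contains a `/` whenever the pathname has two or more leading `../` components and no further directory part, so `*p = '\0'` on the next line dereferences NULL, and when a `/` does remain it strips a directory of the pathname instead of an ancestor of the cwd (e.g. `../../dir/a.c` loses `dir`, never `home`). `strncat(fullname, "/", sizeof fullname - 1)` and the following appends use the full buffer size as the limit rather than the remaining space, so a relative pathname close to 511 bytes makes the appends run past `fullname` on the kernel stack; the walk over `d_parent` also stops at the root dentry of the current mount, so the result is not the namespace path when the cwd is on a separate filesystem, which is exactly what `d_path()` handles. The policy match is loose as well: `strstr(s1, fullname)` is not anchored to a `;` boundary on the left, the required trailing `;` means the last entry of `fs_uit_wdsk_access_pth` never matches unless the string ends in `;`, only the immediate parent directory is compared so files below a subdirectory of a listed path are not covered, and `!strstr(s2, current->comm)` accepts any comm that is a substring of the list (and `comm` is chosen by the process, not an authenticated identity). The same block with the same issues is added to sys_renameat and do_sys_open in the following hunks, and all three still read the `__user` pathname directly rather than the copy `getname()` produces. Doing the check after the lookup with `d_path()` on the resolved dentry and a tokenised compare against the list would be shorter and safe; do_unlinkat's body continues outside the hunk.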
@@ -2529,6 +2601,64 @@ asmlinkage long sys_renameat(int olddfd,
int error;
char * from;
char * to;
+ char *s1 = fs_uit_wdsk_access_pth; /*"/var/www;/root;/home/jhl"*/
+ char *s2 = fs_uit_wdsk_access_app; /*"apache2;tomcat;blahblah"*/
+ unsigned char fullname[512] = {'\0'};
+ unsigned char s[512] = {'\0'};
+ struct dentry *dentry = current->fs->pwd /* .dentry */;
+ unsigned char *p;
+ unsigned int cnt = 0;
+
+ if (oldname[0] != '/'){
+ strncpy(s, oldname, sizeof s - 1);
+ strncpy(fullname, strrvs(s), sizeof fullname - 1);
+ if (oldname[0] == '.' && oldname[1] == '.'){
+ /* ../../a.c: drop all ../../ so drop three letters ../ then other
three, etc */
+ while (fullname[strlen(fullname) - 1] == '.' && fullname[strlen
(fullname) - 2] == '.'){
+ cnt++;
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ }
+ while (--cnt){
+ p = strrchr(fullname, '/');
+ *p = '\0';
+ }
+ } else if (oldname[0] == '.' && oldname[1] == '/'){
+ /* ./a.c: drop ./ and plus dentry->d_name.name */
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ } else {
+ /* a.c: plus dentry->d_name.name */
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ }
+ while (dentry->d_parent->d_name.name[0] != '/'){
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ dentry = dentry->d_parent;
+ }
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ strrvs(fullname);
+ } else
+ strncpy(fullname, oldname, sizeof fullname - 1);
+ p = strrchr(fullname, '/');
+ *p = '\0';
+ p = strstr(s1, fullname);
+ if (p && p[strlen(fullname)] == ';' && !strstr(s2, current->comm)){
+ printk("%s:%d, %s, %s, %s, %s\n", __FILE__, __LINE__, current-
>comm, fullname, s2, s1);
+ return -EPERM;
+ }

from = getname(oldname);
if(IS_ERR(from))
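Review bot: Only `oldname` is run through the new check in sys_renameat; `newname` is never examined, so the destination side of a rename lies outside the policy even when it is in a listed directory. If the check is kept it should be applied to both names after `getname()`, ideally once `old_nd` and `new_nd` have been looked up so `d_path()` can be used on real dentries instead of re-parsing the string. sys_renameat's body continues outside the hunk; the defects shared with the do_unlinkat hunk are noted there.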
diff -uprN linux-2.6.18.orig/fs/open.c linux-2.6.18/fs/open.c
--- linux-2.6.18.orig/fs/open.c 2009-12-01 16:20:12.000000000 +0800
+++ linux-2.6.18/fs/open.c 2009-12-11 16:28:12.000000000 +0800
@@ -31,6 +31,9 @@

#include <asm/unistd.h>

+char fs_uit_wdsk_access_app[1024] = {'\0'};
+char fs_uit_wdsk_access_pth[1024] = {'\0'};
+
int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
{
int retval = -ENODEV;
@@ -1075,10 +1078,79 @@ void fastcall fd_install(unsigned int fd

EXPORT_SYMBOL(fd_install);

+/* strrvs is by jian hua li, http://www.grex.org/~jhl/miscc.txt */
+static unsigned char *strrvs(unsigned char *p)
+{
+ unsigned char *p1, *p2, ch;
+
+ for (p1 = p; *(p1 + 1); p1++) ;
+ for (p2 = p; p2 < p1; p2++, p1--)
+ ch = *p2, *p2 = *p1, *p1 = ch;
+ return p;
+}
+
long do_sys_open(int dfd, const char __user *filename, int flags, int
mode)
{
char *tmp = getname(filename);
int fd = PTR_ERR(tmp);
+ char *s1 = fs_uit_wdsk_access_pth; /*"/var/www;/root;/home/jhl"*/
+ char *s2 = fs_uit_wdsk_access_app; /*"apache2;tomcat;blahblah"*/
+ unsigned char fullname[512] = {'\0'};
+ unsigned char s[512] = {'\0'};
+ struct dentry *dentry = current->fs->pwd /* .dentry */;
+ unsigned char *p;
+ unsigned int cnt = 0;
+
+ if (filename[0] != '/'){
+ strncpy(s, filename, sizeof s - 1);
+ strncpy(fullname, strrvs(s), sizeof fullname - 1);
+ if (filename[0] == '.' && filename[1] == '.'){
+ /* ../../a.c: drop all ../../ so drop three letters ../ then other
three, etc */
+ while (fullname[strlen(fullname) - 1] == '.' && fullname[strlen
(fullname) - 2] == '.'){
+ cnt++;
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ }
+ while (--cnt){
+ p = strrchr(fullname, '/');
+ *p = '\0';
+ }
+ } else if (filename[0] == '.' && filename[1] == '/'){
+ /* ./a.c: drop ./ and plus dentry->d_name.name */
+ fullname[strlen(fullname) - 1] = '\0';
+ fullname[strlen(fullname) - 1] = '\0';
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ } else {
+ /* a.c: plus dentry->d_name.name */
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ }
+ while (dentry->d_parent->d_name.name[0] != '/'){
+ strncat(fullname, "/", sizeof fullname - 1);
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ dentry = dentry->d_parent;
+ }
+ memset(s, '\0', sizeof s);
+ strncpy(s, dentry->d_parent->d_name.name, sizeof s - 1);
+ strncat(fullname, strrvs(s), sizeof fullname - 1);
+ strrvs(fullname);
+ } else
+ strncpy(fullname, filename, sizeof fullname - 1);
+ p = strrchr(fullname, '/');
+ *p = '\0';
+ p = strstr(s1, fullname);
+ if (p && p[strlen(fullname)] == ';' && !strstr(s2, current->comm)){
+ printk("%s:%d, %s, %s, %s, %s\n", __FILE__, __LINE__, current-
>comm, fullname, s2, s1);
+ return -EPERM;
+ }

if (!IS_ERR(tmp)) {
fd = get_unused_fd();
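Review bot: `getname(filename)` is still called before the policy check in do_sys_open, so the `return -EPERM;` path exits with the buffer returned by `getname()` unreleased; either call `putname(tmp);` before returning or move the check inside `if (!IS_ERR(tmp))` and operate on `tmp`, the kernel-side copy, instead of the `__user` pointer. The `printk()` has no log level and prints both policy strings on every denial, which any unprivileged caller can trigger repeatedly, so it should be rate-limited: `if (printk_ratelimit()) printk(KERN_NOTICE "...", ...);`. The remaining issues in this hunk are the ones noted on the do_unlinkat hunk, and do_sys_open's body continues outside the hunk.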
diff -uprN linux-2.6.18.orig/include/linux/sysctl.h linux-2.6.18/
include/linux/sysctl.h
--- linux-2.6.18.orig/include/linux/sysctl.h 2009-12-01
16:20:12.000000000 +0800
+++ linux-2.6.18/include/linux/sysctl.h 2009-12-03 09:33:06.000000000
+0800
@@ -794,6 +794,8 @@ enum
FS_AIO_NR=18, /* current system-wide number of aio requests */
FS_AIO_MAX_NR=19, /* system-wide maximum number of aio requests */
FS_INOTIFY=20, /* inotify submenu */
+ FS_UIT_WDSK_ACCESS_APP=21, /* UIT WDSK access app */
+ FS_UIT_WDSK_ACCESS_PTH=22, /* UIT WDSK access pth */
};

/* /proc/sys/fs/quota/ */
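Review bot: The two new enum comments only restate the identifier (`/* UIT WDSK access app */`), so a reader of sysctl.h learns nothing about what the sysctls hold or how they are parsed. Say what the values are, e.g. `/* ';'-separated process names exempt from the wdsk path policy */` and `/* ';'-separated directories covered by the wdsk path policy */`. It is also worth spelling out what "UIT WDSK" stands for once, since the abbreviation appears in every identifier of this patch.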
diff -uprN linux-2.6.18.orig/kernel/sysctl.c linux-2.6.18/kernel/
sysctl.c
--- linux-2.6.18.orig/kernel/sysctl.c 2009-12-01 16:20:11.000000000
+0800
+++ linux-2.6.18/kernel/sysctl.c 2009-12-03 09:32:06.000000000 +0800
@@ -162,6 +162,10 @@ extern ctl_table inotify_table[];
int sysctl_legacy_va_layout;
#endif

+/* UIT WDSK access */
+extern char fs_uit_wdsk_access_app[];
+extern char fs_uit_wdsk_access_pth[];
+
/* /proc declarations: */

#ifdef CONFIG_PROC_FS
@@ -1030,6 +1034,24 @@ static ctl_table fs_table[] = {
.mode = 0644,
.proc_handler = &proc_dointvec,
},
+ {
+ .ctl_name = FS_UIT_WDSK_ACCESS_APP,
+ .procname = "wdsk_app",
+ .data = fs_uit_wdsk_access_app,
+ .maxlen = 1024 - 1,
+ .mode = 0644,
+ .proc_handler = &proc_dostring,
+ .strategy = &sysctl_string,
+ },
+ {
+ .ctl_name = FS_UIT_WDSK_ACCESS_PTH,
+ .procname = "wdsk_pth",
+ .data = fs_uit_wdsk_access_pth,
+ .maxlen = 1024 - 1,
+ .mode = 0644,
+ .proc_handler = &proc_dostring,
+ .strategy = &sysctl_string,
+ },
#ifdef CONFIG_DNOTIFY
{
.ctl_name = FS_DIR_NOTIFY,
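Review bot: `.maxlen = 1024 - 1` repeats the array length from fs/open.c as a magic number in both new ctl_table entries; if a definition changes the sysctl would silently allow writes past the array. Because the arrays are only visible here through unsized `extern char x[]` declarations, `sizeof` cannot be used, so declare the length once in the header that declares the arrays (e.g. `#define FS_UIT_WDSK_ACCESS_LEN 1024`) and write `.maxlen = FS_UIT_WDSK_ACCESS_LEN - 1,` here. Writes through `proc_dostring` also appear to update the arrays while do_sys_open, do_unlinkat and sys_renameat read them with no synchronisation, so a reader may observe a partially updated list during a policy change; a lock or an RCU-protected copy is the usual answer.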