(Illustration by Gaich Muramatsu)
On Tue, 12 May 1998, Pavel Machek wrote: > Hi! > > > Many Unices have a "setpag" (I called it "newpag") system call through > > which a process puts itself into a new process authentication group - a > > new field in process structure. Mostly setpag is called by "login-type" > > programs, and inherited by fork. This serves authentication which is > > not necessarily uid based. > > > > Filesystems like AFS and Coda like this system for authentication and > > SMBFS etc could equally use it to their advantage. > > > > Will you consider this mini patch which gives us "newpag" and "getpag" > > system calls, implemented by the students cc'd above? It puts an extra > > unsigned long in the process structure and defines two mini syscalls and > > an entry in the /proc/status output. > > How do standart ps-tools, top and similar behave when they see this > new field? I haven't had any problems -- of course it would be nice if they would print the pag too. > > Also: we already have secondary groups. Can not they be > used for just this purpose? Newpag would just add on-the-fly generated > id into list of secondary groups... > There are some Unix programs that manage to manipulate these secondary groups; that could be dangerous. I don't know which and how they do it -- I have forgotten. > Also: Suppose I'm root and I have pag 123. I want to exec > potentially-dangerous program. How do I do it? > > I used to do > su nobody > ./program Depends how "su" works. If it calls PAM modules, these could arrange for the "setpag"; you are completely right that it needs to be done. > > I do not see syscall to loose pag in there. I think it is needed. What > do you think? > > Ok, suppose root wants to sneak into someone else's PAG. How does he > do it? Attach gdb to the kernel and write that pag into its own process structure -- or load a module in the kernel to do that. Root can do anything. > Pavel > -- > I'm really pavel_at_atrey.karlin.mff.cuni.cz. Pavel > Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-). >Received on 1998-05-13 15:34:15