

RedHat 5.2


Date: Mon, 09 Nov 1998 21:25:01 +0200
From: Topi Miettinen <Topi.Miettinen@medialab.sonera.net>
To: Alexander Kjeldaas <astor@guardian.no>
Subject: Re: RedHat 5.2
Cc: Chris Evans <chris@ferret.lmh.ox.ac.uk>,
 Jon Lewis <jlewis@inorganic5.fdt.net>, security-audit@ferret.lmh.ox.ac.uk,
 Alan Cox <alan@lxorguk.ukuu.org.uk>

Alexander Kjeldaas writes:
> The problem is that the kernel is buggy for /proc/kmsg.  It will
> check your privileges on each read.  I use the following patch to
> remedy the situation and make it possible to run a non-root klogd.
> The patch is from the Debian sysklogd maintainer.

Just to clarify: I'm not a Debian maintainer. Here's a newer version of my
patch, please try this one.

-Topi

diff -ru linux-2.1.125/drivers/scsi/gdth.c.orig linux-2.1.125/drivers/scsi/gdth.c
--- linux-2.1.125/drivers/scsi/gdth.c.orig	Wed Sep  9 18:56:58 1998
+++ linux-2.1.125/drivers/scsi/gdth.c	Sat Nov  7 16:06:55 1998
@@ -167,8 +167,7 @@
 
 #ifdef DEBUG_GDTH
 static unchar   DebugState = DEBUG_GDTH;
-extern int sys_syslog(int,char*,int);
-#define LOGEN           sys_syslog(7,NULL,0);
+#define LOGEN           do_syslog(7,NULL,0);
 #define WAITSEC(a)      mdelay((a)*1000)
 
 #ifdef SLOWMOTION_GDTH
diff -ru linux-2.1.125/fs/proc/kmsg.c.orig linux-2.1.125/fs/proc/kmsg.c
--- linux-2.1.125/fs/proc/kmsg.c.orig	Mon Aug 24 23:14:09 1998
+++ linux-2.1.125/fs/proc/kmsg.c	Sat Nov  7 16:00:18 1998
@@ -17,23 +17,21 @@
 extern unsigned long log_size;
 extern struct wait_queue * log_wait;
 
-asmlinkage int sys_syslog(int type, char * bug, int count);
-
 static int kmsg_open(struct inode * inode, struct file * file)
 {
-	return sys_syslog(1,NULL,0);
+	return do_syslog(1,NULL,0);
 }
 
 static int kmsg_release(struct inode * inode, struct file * file)
 {
-	(void) sys_syslog(0,NULL,0);
+	(void) do_syslog(0,NULL,0);
 	return 0;
 }
 
 static ssize_t kmsg_read(struct file * file, char * buf,
 			 size_t count, loff_t *ppos)
 {
-	return sys_syslog(2,buf,count);
+	return do_syslog(2,buf,count);
 }
 
 static unsigned int kmsg_poll(struct file *file, poll_table * wait)
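Review bot: kmsg_open() now calls `do_syslog(1,NULL,0)`, which carries no capability check, so opening /proc/kmsg is gated only by the proc entry's file mode, which is not visible in this hunk. Removing the per-read check from kmsg_read() is what allows klogd to drop root after it has opened the file, but the open itself should still require the privilege. Assuming capable() is in scope in this file, add `if (!capable(CAP_SYS_ADMIN)) return -EPERM;` before the `do_syslog(1,NULL,0)` call in kmsg_open(). That puts the decision where the descriptor is obtained, and an already-open descriptor stays readable by a process that has since dropped its privileges. A one-line comment on kmsg_read(), `/* access was decided at open time; no capability check per read */`, would record the intent.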
diff -ru linux-2.1.125/include/linux/kernel.h.orig linux-2.1.125/include/linux/kernel.h
--- linux-2.1.125/include/linux/kernel.h.orig	Tue Oct  6 18:32:37 1998
+++ linux-2.1.125/include/linux/kernel.h	Sat Nov  7 16:01:05 1998
@@ -50,6 +50,8 @@
 
 extern int session_of_pgrp(int pgrp);
 
+extern int do_syslog(int type, char *buf, int len);
+
 asmlinkage int printk(const char * fmt, ...)
 	__attribute__ ((format (printf, 1, 2)));
 
diff -ru linux-2.1.125/kernel/printk.c.orig linux-2.1.125/kernel/printk.c
--- linux-2.1.125/kernel/printk.c.orig	Fri Aug 21 00:47:30 1998
+++ linux-2.1.125/kernel/printk.c	Sat Nov  7 16:13:30 1998
@@ -123,15 +123,19 @@
  */
 asmlinkage int sys_syslog(int type, char * buf, int len)
 {
+	if ((type == 3) || capable(CAP_SYS_ADMIN))
+		return do_syslog(type, buf, len);
+	return -EPERM;
+}
+
+int do_syslog(int type, char *buf, int len)
+{
 	unsigned long i, j, count, flags;
 	int do_clear = 0;
 	char c;
-	int error = -EPERM;
+	int error = 0;
 
 	lock_kernel();
-	if ((type != 3) && !capable(CAP_SYS_ADMIN))
-		goto out;
-	error = 0;
 	switch (type) {
 	case 0:		/* Close log */
 		break;
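Review bot: do_syslog() is now a non-static entry point with no privilege check of its own, and nothing in the hunk says so; the comment block that ends just above sys_syslog() stays attached to the wrapper. I would put a comment above do_syslog() such as `/* No permission check here: the caller must already have authorised the request (sys_syslog() checks CAP_SYS_ADMIN). */`. The declaration added to include/linux/kernel.h makes this unchecked path callable from any kernel code, as the LOGEN macro in gdth.c already shows. The bare `type` numbers (3 here, 0, 1, 2 and 7 at the call sites) would read better as named constants shared through that header. The body of do_syslog() continues past the end of the hunk.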



