Posted by: 永远的FLASH
A simple kernel patch
(WSS-Articles-02007)
Author: e4gle
Email: e4gle@whitecell.org
HomePage: http://www.whitecell.org
Date: 2002-04-12
Category: Security
Without further ado: this is really a very simple thing. /tmp is where Linux keeps temporary files, and every user can access it. That also makes it a rather sensitive directory: dangerous operations and malicious attacks often use it as their vehicle. So I wrote a very simple kernel patch to monitor, or to forbid, creating files or links in the /tmp directory. The patch itself could not be simpler; the key is the entry point, which is the link routine in fs/ext2/namei.c and fs/ext3/namei.c. It supports the ext2 and ext3 filesystems:
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
logtmplink_patch-2.4.x.patch tmp link log for ext2 patch:
file://this simply kernel patch to watch insecure create file to
/tmp for ext2 file://for linux kernel version 2.4.x
file://by e4gle <e4gle@whitecell.org> ---
fs/ext2/namei.c Sat Apr 13 11:55:21 2002 +++
../linux-2.4/fs/ext2/namei.c Mon Jun 11 22:15:27 2001 @@ -169,10
+169,7 @@
if (inode->i_nlink >= EXT2_LINK_MAX)
return -EMLINK; +//e4gle add + if
(strcmp(dentry->d_parent->d_name.name,"tmp")==0) +
printk(KERN_INFO "TMPLOG Created file :/%s/%s %o %o %o
%d\n",dentry->d_parent->d_name.name,dentry->d_name,inode->i_mode,inode->i_mode,inode->i_mode,inode->i_uid);
+//end add - inode->i_ctime = CURRENT_TIME;
ext2_inc_count(inode); atomic_inc(&inode->i_count);
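Review bot: the printk in this hunk passes `dentry->d_name` to a `%s` conversion; `d_name` is a `struct qstr`, so it must be `dentry->d_name.name` as the parent argument already is. The three `%o` conversions all receive `inode->i_mode`; mode, uid and gid were presumably intended (`inode->i_mode, inode->i_uid, inode->i_gid`), and the caller (`current->fsuid`) is more useful to record than `inode->i_uid`, which is the owner of the link target. The context (`EXT2_LINK_MAX`, `ext2_inc_count`) is `ext2_link()`, so the message `TMPLOG Created file` is logging hard links, not file creation. `strcmp(dentry->d_parent->d_name.name, "tmp")` matches any directory named `tmp` (for example `/usr/tmp`), misses subdirectories of `/tmp`, and never fires when `/tmp` is a separate filesystem, because the parent is then that filesystem's root dentry, which is not named `tmp`. The `-` on `inode->i_ctime = CURRENT_TIME;` drops the ctime update from link(), which looks unintentional, and the headers put the patched 2002 file on the `---` side and the 2001 tree on `+++`, so `-169,10 +169,7` cannot describe a hunk that adds four lines; regenerate with `diff -u original patched`.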
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
tmp link log for ext3 patch: file://this simply kernel patch
to watch insecure create file to /tmp for ext3 file://for linux
kernel version 2.4.x file://by e4gle <e4gle@whitecell.org>
--- fs/ext3/namei.c Sat Apr 13 12:21:45 2002 +++ ./n.c Sat
Apr 13 12:21:18 2002 @@ -958,10 +958,6 @@
if
(inode->i_nlink >= EXT3_LINK_MAX) return -EMLINK;
-//e4gle add - if
(strcmp(dentry->d_parent->d_name.name,"tmp")==0) -
printk(KERN_INFO "TMPLOG Created file :/%s/%s %o %o %o
%d\n",dentry->d_parent->d_name.name,dentry->d_name,inode->i_mode,inode->i_mode,inode->i_mode,inode->i_uid);
-//end add
handle = ext3_journal_start(dir,
EXT3_DATA_TRANS_BLOCKS); if (IS_ERR(handle))
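Review bot: this hunk is reversed: the file carrying the hook is on the `---` side and the pristine `./n.c` on `+++`, so the hook lines show as `-` and `-958,10 +958,6` describes removing them; applied forward against a patched tree it strips the hook, and against a pristine tree it does not apply at all. Regenerate with the pristine file first (`diff -u n.c fs/ext3/namei.c`) or apply with `patch -R`. The printk repeats the ext2 problems: `dentry->d_name` needs `.name`, and `inode->i_mode` is passed for all three `%o` conversions. The position, before `ext3_journal_start()`, is the right one should a refusal be added later, since no journal handle exists yet to clean up.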
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
notmplink_patch-2.4.16.patch no tmp link for ext2 patch:
file://this simply kernel patch to no permission to create file
to /tmp for ext2 file://for linux kernel version 2.4.x
file://by e4gle <e4gle@whitecell.org --- fs/ext2/namei.c
Sat Apr 13 11:55:21 2002 +++ ../linux-2.4.16/fs/ext2/namei.c Mon
Jun 11 22:15:27 2001 @@ -169,10 +169,7 @@
if
(inode->i_nlink >= EXT2_LINK_MAX) return -EMLINK;
+//e4gle add + if
(strcmp(dentry->d_parent->d_name.name,"tmp")==0) +
printk(KERN_INFO "LNKLOG Link Attempt creation in /tmp/%s
%s.\n",dentry->d_name.name,symname); + return -EPERM;
+//end add + inode->i_ctime = CURRENT_TIME;
ext2_inc_count(inode); atomic_inc(&inode->i_count);
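Review bot: `symname` in the printk is not defined in `ext2_link()`; it is a parameter of `ext2_symlink()`, so this hunk does not compile where it is placed. Drop it, or, if symlinks are also meant to be covered, add a separate hook in `ext2_symlink()`. The `return -EPERM;` refuses every hard link whose parent directory is named `tmp`, including root's, with no `capable()` exemption; a narrower condition, refusing only when the caller does not own the link target (`inode->i_uid != current->fsuid`), covers the dangerous case without breaking legitimate use. The header `-169,10 +169,7` again does not match six added lines, and `inode->i_ctime = CURRENT_TIME;` appears as `+` here but as `-` in the log patch above, so the two hunks disagree about the same base file.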
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
no tmp link for ext3 patch: file://this simply kernel patch
for no permission to create file to /tmp for ext3 file://for
linux kernel version 2.4.x file://by e4gle
<e4gle@whitecell.org> --- fs/ext3/namei.c Sat Apr 13
12:21:45 2002 +++ ./n.c Sat Apr 13 12:21:18 2002 @@ -958,10
+958,6 @@
if (inode->i_nlink >= EXT3_LINK_MAX)
return -EMLINK; +//e4gle add + if
(strcmp(dentry->d_parent->d_name.name,"tmp")==0) +
printk(KERN_INFO "TMPLOG Created file :/%s/%s %o %o %o
%d\n",dentry->d_parent->d_name.name,dentry->d_name,inode->i_mode,inode->i_mode,inode->i_mode,inode->i_uid);
+//end add
handle = ext3_journal_start(dir,
EXT3_DATA_TRANS_BLOCKS); if (IS_ERR(handle))
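Review bot: this hunk is labelled `no permission to create file to /tmp for ext3`, but it is the logging hook again (printk only, no `return -EPERM;`), so it refuses nothing; the ext2 version above puts `return -EPERM;` after the printk and this one needs the same. Its printk shares the `dentry->d_name` (should be `.name`) and triple `inode->i_mode` defects, and the header `-958,10 +958,6` describes a removal while the lines are marked `+`. Returning before `ext3_journal_start()` is correct, since no journal handle has been started at that point.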
The monitoring log ends up in /var/log/messages, where klogd and syslogd write KERN_INFO kernel messages on a typical configuration; grep for the TMPLOG or LNKLOG tag there, or in the output of dmesg, to check that the hook is firing.
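As an added illustration, not part of e4gle's post or patches, the following user-space C program models the decision the hook makes inside ext2_link()/ext3_link(). The struct dentry, struct inode and the sample directory tree are constructed stand-ins holding only the fields the hook reads, and the names `tmp_link_hook`, `under_root_tmp`, `parent_named_tmp` and `caller_uid` are chosen here. It keeps the original's immediate-parent check beside a variant that climbs d_parent to the filesystem root, so that a link under /tmp/sub is caught and one under /usr/tmp is not, and it builds the log line with the argument list the printk should have had: `d_name.name` rather than the qstr struct, mode, uid and gid once each, and the caller's uid.

```c
/*
 * User-space model of the /tmp hard-link hook. Added illustration, not the
 * kernel patch: struct qstr, struct inode, struct dentry and the sample tree
 * below are assumed, minimal stand-ins for the 2.4 structures.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct qstr { const char *name; };                 /* kernel qstr has more fields */
struct inode { unsigned int i_mode, i_uid, i_gid; };
struct dentry {
    struct qstr d_name;
    struct dentry *d_parent;                        /* the fs root points to itself */
};

enum tmp_policy { TMP_LOG, TMP_DENY };

/* The check as written in the patches: only the immediate parent's name. */
int parent_named_tmp(const struct dentry *d)
{
    return strcmp(d->d_parent->d_name.name, "tmp") == 0;
}

/* Stricter variant: climb d_parent to the filesystem root and test whether the
 * top-level component is "tmp". Catches /tmp/sub/x, ignores /usr/tmp/x. The
 * chain ends at the root of *this* filesystem, so if /tmp is its own mount
 * the name "tmp" never appears and neither check fires. */
int under_root_tmp(const struct dentry *d)
{
    const struct dentry *top = NULL;
    for (const struct dentry *p = d->d_parent; p != p->d_parent; p = p->d_parent)
        top = p;
    return top != NULL && strcmp(top->d_name.name, "tmp") == 0;
}

/* Simplified d_path(): "/tmp/sub/x" from the d_parent chain. */
static void dentry_path(const struct dentry *d, char *out, size_t len)
{
    char parent[256];
    if (d->d_parent == d) { snprintf(out, len, "/"); return; }
    dentry_path(d->d_parent, parent, sizeof parent);
    snprintf(out, len, "%s%s%s", parent,
             strcmp(parent, "/") == 0 ? "" : "/", d->d_name.name);
}

/* What the link routine would do with the hook in place: return 0 to let the
 * link proceed or -EPERM to refuse it, and write the log line (what the patch
 * printk()s at KERN_INFO) into buf. caller_uid stands in for current->fsuid,
 * which the original patches never record. */
int tmp_link_hook(const struct dentry *newname, const struct inode *target,
                  unsigned int caller_uid, enum tmp_policy policy,
                  char *buf, size_t buflen)
{
    char path[256];
    buf[0] = '\0';
    if (!under_root_tmp(newname))
        return 0;                                   /* not under /tmp: no action */
    dentry_path(newname, path, sizeof path);
    snprintf(buf, buflen, "%s hard link %s -> mode %o uid %u gid %u by uid %u\n",
             policy == TMP_DENY ? "LNKLOG denied" : "TMPLOG",
             path, target->i_mode, target->i_uid, target->i_gid, caller_uid);
    return policy == TMP_DENY ? -EPERM : 0;
}

/* Constructed sample tree: /, /tmp, /tmp/sub, /usr, /usr/tmp and three link
 * names. Addresses are constant expressions, so the self-referencing root
 * initialiser is legal C. */
struct dentry d_root     = { { "/"   }, &d_root };
struct dentry d_tmp      = { { "tmp" }, &d_root };
struct dentry d_sub      = { { "sub" }, &d_tmp  };
struct dentry d_usr      = { { "usr" }, &d_root };
struct dentry d_usrtmp   = { { "tmp" }, &d_usr  };
struct dentry d_tmp_x    = { { "x"   }, &d_tmp  };
struct dentry d_sub_y    = { { "y"   }, &d_sub  };
struct dentry d_usrtmp_z = { { "z"   }, &d_usrtmp };
/* Constructed link target: a root-owned setuid binary. */
const struct inode link_target = { 0104755, 0, 0 };

int main(void)
{
    const struct dentry *names[] = { &d_tmp_x, &d_sub_y, &d_usrtmp_z };
    char buf[320], path[256];
    for (size_t i = 0; i < 3; i++) {
        int rc = tmp_link_hook(names[i], &link_target, 1000, TMP_DENY, buf, sizeof buf);
        dentry_path(names[i], path, sizeof path);
        printf("%-12s parent==tmp:%d under /tmp:%d rc:%d %s", path,
               parent_named_tmp(names[i]), under_root_tmp(names[i]), rc,
               buf[0] ? buf : "\n");
    }
    return 0;
}
```

Compile with `cc -Wall` and run: the three lines show the parent-name test and the root-walk test disagreeing on /tmp/sub/y and /usr/tmp/z. The same shape transfers to the kernel, with `current->fsuid` in place of caller_uid and `printk(KERN_INFO ...)` in place of snprintf; in 2.4 the d_parent walk belongs under dcache_lock, as d_path() does it.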