View 1.4.1 - Change Log
file info- category(Tag)
- root
- file name
- ccs-patch_1.4.1_-_Changes
- last update
- 2007-06-05 14:55
- type
- Plain Text
- editor
- Tetsuo Handa
- description
- 1.4.1 - Change Log
- language
- English
- translate
@ Change argv[0] checking rule.
I was comparing the basename of symbolic link's pathname and argv[0].
Since execute permission check and domain transition are done
based on realpath while argv[0] check is done based on the symlink's
pathname and argv[0], this specification will allow attackers behave
as /bin/cat in the domain of /bin/ls if "/bin/ls and /bin/cat are
links to /sbin/busybox" and "the attacker is permitted to create
a symlink named ~/cat that points to /bin/ls" and "the attacker is
permitted to run /bin/ls".
So, I changed to compare the basename of realpath and argv[0].
Also, I moved the location to compare before processing
"aggregator" directive so that
"aggregator /tmp/logrotate.\?\?\?\?\?\? /tmp/logrotate.tmp"
won't cause the mismatch of the basename of realpath and argv[0].
If /bin/ls is a symlink to /sbin/busybox, then
creating a symlink named ~/cat that points to /bin/ls and
executing ~/cat won't work as expected because permission check and
domain transition are done using /sbin/busybox (realpath of /bin/ls)
and will be rejected since the administrator won't grant
"1 /sbin/busybox".
Fix 2007/05/07
@ Support pathname subtraction.
There was no way to exclude specific pathnames when granting
permissions using wildcards.
There would be a need to exclude specific files and directories.
I introduced "\-" as subtraction operator.
"A\-B" means "A" other than "B".
"A\-B\-C" means "A" other than "B" and "C".
"A\-B\-C\-D" means "A" other than "B" and "C" and "D".
"A", "B", "C", "D" may contain wildcards.
An example usage is "/home/\*/\*\-.ssh/\*", which means
"/home/\*/\*/\*" other than "/home/\*/.ssh/\*".
"A" should contain wildcards because subtraction from constants
(e.g. "/usr\-usr/" or "/usr\-home/") is meaningless.
Don't try "A\-B\+C" because "\+" is not addition operator.
Fix 2007/05/24
@ Fix autobind hook.
The location to call SAKURA_MayAutobind() in net/ipv4/udp.c
and net/ipv6/udp.c were wrong.
Fix 2007/06/03
@ Add a space in MakeMountOptions().
I forgot to add a space after "atime" and "noatime".
Version 1.4.1 2007/06/05 Minor update release.
| |