pam_chroot-0.8 released
John Newbigin
jn at it.swin.edu.au
Wed May 5 02:28:34 UTC 2004
Here is a more complete check procedure. I have used this code so I
hope it is secure :)
int verify_socket_path(char *name)
{
int i = 0;
char x;
int result = 0;
struct stat buf;
name = strdup(name);
while(name[i])
{
if(name[i] == '/')
{
x = name[i + 1];
name[i + 1] = 0;
//printf("path = %s\n", name);
stat(name, &buf);
//printf("uid = %d gid = %d\n", buf.st_uid,
buf.st_gid);
if(buf.st_uid != 0)
{
// make sure there is no user write access
if(buf.st_mode & S_IWUSR)
{
result = -1;
fprintf(stderr, "non root user
has write access to %s\n", name);
}
}
if(buf.st_gid != 0)
{
// make sure there is no group write access
if(buf.st_mode & S_IWGRP)
{
result = -1;
fprintf(stderr, "non root group
has write access to %s\n", name);
}
}
// make sure there is no group write access
if(buf.st_mode & S_IWOTH)
{
result = -1;
fprintf(stderr, "all users have write
access to %s\n", name);
}
name[i + 1] = x;
}
i++;
}
free(name);
return result;
}
Solar Designer wrote:
> On Tue, May 04, 2004 at 08:23:07PM -0500, Ed Schmollinger wrote:
>
>>pam_chroot-0.8 has been released. Kudos to Heiko Hund for contribution
>>of some nifty ideas and code to implement them.
>>
>>The new version is available from
>>http://sourceforge.net/projects/pam-chroot/
>
>
> You could want to check out this patch:
>
> cvs -d :pserver:anoncvs:anoncvs at anoncvs.owl.openwall.com:/cvs co Owl/packages/pam/pam-0.75-owl-pam_chroot.diff
>
> It is not against your version, but it is relevant to it as well.
>
> Basically, the point is that it is unsafe to chroot() to a path which
> contains directories writable by an untrusted user. Unfortunately,
> few people realize that, so this kind of misuse of chroot() is all too
> common.
>
--
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin
More information about the Pam-list
mailing list