Re: kernel patches
On Wed, 7 Mar 2001, Niklas Höglund wrote:

> Hi!
> Anyone know where I can find a kernel patch that restricts users so..
> 'who' shows only the user himself
> 'netstat -a' only ports that root/the user owns
> 'ls' only files that are owned by root/the user
> ??
> //Niklas

Take a look at http://www.openwall.com/linux ... Here you find the kernel patches (2.2.18 is the latest). A look at www.lids.org might be useful too.

bye
Faith
Re: kernel patches
Hello,

On Wed, Mar 07, 2001 at 05:03:55PM +0100, Niklas Höglund wrote:

> Hi!
> Anyone know where I can find a kernel patch that restricts users so..
> 'who' shows only the user himself

who is not a kernel function, it's a system utility. Something like this will work:

    alias who='me=`whoami`; who | grep $me'

You could put it in /home/user/.bashrc ...

Regards,
Robert

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: kernel patches
On Fri, Mar 09, 2001 at 05:40:03PM -0500, Robert Mognet wrote:

> > Anyone know where I can find a kernel patch that restricts users so..
> > 'who' shows only the user himself
>
> who is not a kernel function, it's a system utility.

That doesn't mean a kernel patch can't modify its behavior. Have you ever seen the Knark module in action? It's frightening. All filesystem, process listings, user listings, etc. come straight from the kernel. With Knark you can modify any of it. You can hide users, files, processes and so on. You can even modify the behavior of executables without actually changing them (i.e. run 'ls' and suddenly your system reboots itself...just as an example). Knark can also completely hide itself from tools like lsmod and rmmod, making it *impossible* to remove or detect (without rebooting to a trusted kernel).

Not that this is directly on topic, and it's not what the original poster is looking for. I just wanted to let you know that on some level, everything calls kernel functions, and you can definitely modify their behavior.

noah

--
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
Re: kernel patches
On Friday, 9 March 2001 23:40, Robert Mognet wrote:

> Hello,
>
> On Wed, Mar 07, 2001 at 05:03:55PM +0100, Niklas Höglund wrote:
> > Hi!
> > Anyone know where I can find a kernel patch that restricts users so..
> > 'who' shows only the user himself
>
> who is not a kernel function, it's a system utility. Something like this will work:
>
>     alias who='me=`whoami`; who | grep $me'
>
> You could put it in /home/user/.bashrc ...

Brilliant idea. The user then does unalias who and the restrictions are gone.

The Openwall and LIDS Patches should provide some functionality to restrict users from doing some things they are not supposed to. If one really needs a system which is strongly tied up one maybe even has to change some utilities to provide a different and more restrictive behaviour (i.e. who only returning oneself, for example).

--
Patrick Dreker

Is there anything else I can contribute?
The latitude and longitude of the bios writers current position, and a ballistic missile.
Alan Cox on linux-kernel@vger.kernel.org
Re: kernel patches
On Saturday, 10 March 2001 00:05, Kevin wrote:

> Then they only have to compile their own version. Openwall shows only you when you run 'w' but shows everyone if you 'who'. Anyone know why?

No experience with tools like this (LIDS/Openwall etc.). w and who are different binaries on my system, so they might use different ways of accessing the information.

If users can actually compile their own stuff in a restricted environment there are many possibilities of circumventing restrictions. The only restrictions which are not easily circumvented are those imposed by the kernel and its components.

--
Patrick Dreker

Is there anything else I can contribute?
The latitude and longitude of the bios writers current position, and a ballistic missile.
Alan Cox on linux-kernel@vger.kernel.org
Re: kernel patches
On Wed, Mar 07, 2001 at 05:04:17PM +0100, Niklas Höglund wrote:

> Anyone know where I can find a kernel patch that restricts users so..
> 'who' shows only the user himself

http://www.openwall.com/linux/

> 'netstat -a' only ports that root/the user owns

Openwall can set access rights for /proc

> 'ls' only files that are owned by root/the user

Good access rights

--
Francois Deppierraz [EMAIL PROTECTED]
Nimag Networks Sàrl - www.nimag.net
Phone +41 21 847 00 75 - Fax +41 21 847 00 77
PGP Key ID: 9D283BC9
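
Added example, not part of any post in this thread: on current mainline kernels the procfs `hidepid=` mount option is the kernel-enforced counterpart of the /proc access restriction mentioned above for Openwall (this goes beyond the 2.2-era patch the thread discusses). The shell functions below audit that option in `/proc/mounts`-format input and check whether a file such as utmp, which `who` reads, is world-readable; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample mount lines are constructed;
# on a live system call: proc_hidepid /proc/mounts

# Print the hidepid setting of the procfs mounted on /proc: the option's
# value, "0" if the option is absent, "none" if /proc is not listed.
proc_hidepid() {
    awk '$2 == "/proc" && $3 == "proc" {
             found = 1; val = "0"
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] ~ /^hidepid=/) val = substr(opt[i], 9)
         }
         END { print (found ? val : "none") }' "$1"
}

# Map a hidepid value (numeric, or the named form newer kernels print)
# to a verdict on what an unprivileged user can see of other users.
hidepid_verdict() {
    case "$1" in
        2|invisible|4|ptraceable) echo "hidden" ;;      # others' /proc/PID not listed
        1|noaccess)               echo "unreadable" ;;  # PIDs listed, contents denied
        *)                        echo "exposed" ;;     # 0, off, or option not in effect
    esac
}

# True if FILE (for example the utmp file that who reads) is readable by
# "other". hidepid does not cover such files; only file permissions do.
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Constructed demo input in /proc/mounts format.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' \
        'sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0' \
        'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0' > "$tmp"
    hidepid_verdict "$(proc_hidepid "$tmp")"
    rm -f "$tmp"
}
demo
```

A shell alias in `.bashrc` appears nowhere in this check because the kernel and file permissions are the only layers it inspects, which is the distinction the replies above draw.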