From owner-kernel-audit@nl.linux.org Tue Jul  4 21:24:51 2000
Received: by humbolt.nl.linux.org id <S92201AbQGDTXr>;
	Tue, 4 Jul 2000 21:23:47 +0200
Received: from 55.int14.dsl.garlic.net ([216.139.14.55]:7552 "EHLO
        rosebud.imaginos.net") by humbolt.nl.linux.org with ESMTP
	id <S92192AbQGDTXI>; Tue, 4 Jul 2000 21:23:08 +0200
Received: from localhost (imaginos@localhost)
	by rosebud.imaginos.net (8.9.3/8.9.3) with ESMTP id MAA01386
	for <kernel-audit@nl.linux.org>; Tue, 4 Jul 2000 12:28:20 -0700
X-Authentication-Warning: rosebud.imaginos.net: imaginos owned process doing -bs
Date:   Tue, 4 Jul 2000 12:28:20 -0700 (PDT)
From:   Jim Hull <imaginos@imaginos.net>
To:     kernel-audit@nl.linux.org
Subject: Weirdness with stat()
Message-ID: <Pine.LNX.4.20.0007041222010.1381-100000@rosebud.imaginos.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-kernel-audit@nl.linux.org
Precedence: bulk
Return-Path: <owner-kernel-audit@nl.linux.org>
X-Orcpt: rfc822;kernel-audit-list

I wrote a program today on my laptop (2.2.16) and it was working fine. I
was using stat to check the permissions on a file, something along the
lines of:

struct stat *st;

   stat(CONFIG, st);
   if ((st->st_uid != 0) || (st->st_mode != 33152)) {
      fprintf(stderr, "Unsecure modes on configuration files\n");
      exit(1);
   }

This worked with absolutely no problems on my laptop. I went to run it on
my desktop (2.4.0-test2 SMP) and it started segfaulting. It wasn't
segfaulting at the stat() call, it was segfaulting in weird places like a
syslog() or an execv(). Oddly enough I managed to trace it down to stat(),
and once I commented it out, it was fine. So I switched to access() and
have no problems on either system.

Would this be my poor implementation of stat, or would this actually be a
kernel bug?


			Jim
			- Sexy Rockstar



Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

From owner-kernel-audit@nl.linux.org Tue Jul  4 22:14:48 2000
Received: by humbolt.nl.linux.org id <S92192AbQGDUN1>;
	Tue, 4 Jul 2000 22:13:27 +0200
Received: from kihakkt.jetcafe.org ([205.147.43.10]:55821 "EHLO
        kihakkt.jetcafe.org") by humbolt.nl.linux.org with ESMTP
	id <S92197AbQGDUNC>; Tue, 4 Jul 2000 22:13:02 +0200
Received: from localhost (steve@localhost)
	by kihakkt.jetcafe.org (8.9.3/8.8.7) with ESMTP id NAA12453;
	Tue, 4 Jul 2000 13:12:32 -0700
Date:   Tue, 4 Jul 2000 13:12:32 -0700 (PDT)
From:   Steve Schlaifer <steve@kihakkt.jetcafe.org>
To:     Jim Hull <imaginos@imaginos.net>
cc:     kernel-audit@nl.linux.org
Subject: Re: Weirdness with stat()
In-Reply-To: <Pine.LNX.4.20.0007041222010.1381-100000@rosebud.imaginos.net>
Message-ID: <Pine.LNX.4.10.10007041309350.12139-100000@kihakkt.jetcafe.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-kernel-audit@nl.linux.org
Precedence: bulk
Return-Path: <owner-kernel-audit@nl.linux.org>
X-Orcpt: rfc822;kernel-audit-list

On Tue, 4 Jul 2000, Jim Hull wrote:
> [...]
>
> struct stat *st;
> 
>    stat(CONFIG, st);
>    if ((st->st_uid != 0) || (st->st_mode != 33152)) {
>       fprintf(stderr, "Unsecure modes on configuration files\n");
>       exit(1);
>    }
> 
> This worked with absolutely no problems on my laptop. I went to run it on
> my desktop (2.4.0-test2 SMP) and it started segfaulting. It wasn't
> segfaulting at the stat() call, it was segfaulting in weird places like a
> syslog() or an execv().
> 
> [...]
>
> Would this be my poor implementation of stat, or would this actually be a
> kernel bug.

Neither, this is a bad use of stat.  In this case, st is an uninitialized
pointer and you are having stat treat that as a pointer to some random
location in memory which it dutifully fills with the stat information.
Change your code to

struct stat st;              /* note not *st, just st */

stat(CONFIG, &st);           /* note &st not st */

and things will get much better.

		--Steve

  "We have a government of law, and government officials must
  be held accountable under the law."

    -- Judge Royce Lamberth
       U.S. District Court for the District of Columbia



From owner-kernel-audit@nl.linux.org Tue Jul  4 22:16:59 2000
Received: by humbolt.nl.linux.org id <S92197AbQGDUPb>;
	Tue, 4 Jul 2000 22:15:31 +0200
Received: from brutus.conectiva.com.br ([200.250.58.146]:42485 "HELO
        burns.conectiva") by humbolt.nl.linux.org with SMTP
	id <S92206AbQGDUON>; Tue, 4 Jul 2000 22:14:13 +0200
Received: (qmail 5825 invoked from network); 4 Jul 2000 20:15:50 -0000
Received: from soneca.conectiva (HELO conectiva.com.br) (root@10.0.2.41)
  by burns.conectiva with SMTP; 4 Jul 2000 20:15:50 -0000
Message-ID: <39624548.BD84CBFC@conectiva.com.br>
Date:   Tue, 04 Jul 2000 17:12:56 -0300
From:   Ricardo <ricardo@conectiva.com.br>
Reply-To: ricardo@conectiva.com.br
Organization: Conectiva SA
X-Mailer: Mozilla 4.73 [pt_BR] (X11; U; Linux 2.2.14-17cl i586)
X-Accept-Language: pt-BR
MIME-Version: 1.0
To:     kernel-audit@nl.linux.org
Subject: Re: Weirdness with stat()
References: <Pine.LNX.4.20.0007041222010.1381-100000@rosebud.imaginos.net>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-kernel-audit@nl.linux.org
Precedence: bulk
Return-Path: <owner-kernel-audit@nl.linux.org>
X-Orcpt: rfc822;kernel-audit-list

Hi,

Sellaro and the coordinators of the Linuxdoc project in Brazil want to help
LKAP. We are developing an "auditing" system for Brazilian
translations, and maybe it works for auditing the kernel.

In a few days, I will put one part of the system on the web. Then, I hope
;) the people from Linuxdoc and LKAP will test it, and send some bug
reports.

But, to do this, I need some description of your work.

Sorry for the poor English ;}

Ricardo

------------------------------
Ricardo Soares Guimarães
http://ldp-br.conectiva.com.br
------------------------------


From owner-kernel-audit@nl.linux.org Tue Jul  4 22:21:39 2000
Received: by humbolt.nl.linux.org id <S92220AbQGDUUE>;
	Tue, 4 Jul 2000 22:20:04 +0200
Received: from 55.int14.dsl.garlic.net ([216.139.14.55]:10112 "EHLO
        rosebud.imaginos.net") by humbolt.nl.linux.org with ESMTP
	id <S92218AbQGDUTb>; Tue, 4 Jul 2000 22:19:31 +0200
Received: from localhost (imaginos@localhost)
	by rosebud.imaginos.net (8.9.3/8.9.3) with ESMTP id NAA17906;
	Tue, 4 Jul 2000 13:24:35 -0700
X-Authentication-Warning: rosebud.imaginos.net: imaginos owned process doing -bs
Date:   Tue, 4 Jul 2000 13:24:35 -0700 (PDT)
From:   Jim Hull <imaginos@imaginos.net>
To:     Steve Schlaifer <steve@kihakkt.jetcafe.org>
cc:     kernel-audit@nl.linux.org
Subject: Re: Weirdness with stat()
In-Reply-To: <Pine.LNX.4.10.10007041309350.12139-100000@kihakkt.jetcafe.org>
Message-ID: <Pine.LNX.4.20.0007041321260.17869-100000@rosebud.imaginos.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-kernel-audit@nl.linux.org
Precedence: bulk
Return-Path: <owner-kernel-audit@nl.linux.org>
X-Orcpt: rfc822;kernel-audit-list

Very good. Thanks.

		Jim

On Tue, 4 Jul 2000, Steve Schlaifer wrote:

> On Tue, 4 Jul 2000, Jim Hull wrote:
> > [...]
> >
> > struct stat *st;
> > 
> >    stat(CONFIG, st);
> >    if ((st->st_uid != 0) || (st->st_mode != 33152)) {
> >       fprintf(stderr, "Unsecure modes on configuration files\n");
> >       exit(1);
> >    }
> > 
> > This worked with absolutely no problems on my laptop. I went to run it on
> > my desktop (2.4.0-test2 SMP) and it started segfaulting. It wasn't
> > segfaulting at the stat() call, it was segfaulting in weird places like a
> > syslog() or an execv().
> > 
> > [...]
> >
> > Would this be my poor implementation of stat, or would this actually be a
> > kernel bug.
> 
> Neither, this is a bad use of stat.  In this case, st is an uninitialized
> pointer and you are having stat treat that as a pointer to some random
> location in memory which it dutifully fills with the stat information.
> Change your code to
> 
> struct stat st;              /* note not *st, just st */
> 
> stat(CONFIG, &st);           /* note &st not st */
> 
> and things will get much better.
> 
> 		--Steve
> 
>   "We have a government of law, and government officials must
>   be held accountable under the law."
> 
>     -- Judge Royce Lamberth
>        U.S. District Court for the District of Columbia
> 



From owner-kernel-audit@nl.linux.org Tue Jul  4 23:07:59 2000
Received: by humbolt.nl.linux.org id <S92208AbQGDVGh>;
	Tue, 4 Jul 2000 23:06:37 +0200
Received: from finch-post-11.mail.demon.net ([194.217.242.39]:52240 "EHLO
        finch-post-11.mail.demon.net") by humbolt.nl.linux.org with ESMTP
	id <S92206AbQGDVGR>; Tue, 4 Jul 2000 23:06:17 +0200
Received: from notatla.demon.co.uk ([194.222.156.169])
	by finch-post-11.mail.demon.net with esmtp (Exim 2.12 #1)
	id 139ZtY-000J63-0B; Tue, 4 Jul 2000 21:06:16 +0000
Received: (from ant@localhost)
	by notatla.demon.co.uk (noyb/noyb) id WAA03474;
	Tue, 4 Jul 2000 22:06:54 +0100
Date:   Tue, 4 Jul 2000 22:06:54 +0100
From:   Antonomasia <ant@notatla.demon.co.uk>
Message-Id: <200007042106.WAA03474@notatla.demon.co.uk>
To:     imaginos@imaginos.net, steve@kihakkt.jetcafe.org
Subject: Re: Weirdness with stat()
Cc:     kernel-audit@nl.linux.org
Sender: owner-kernel-audit@nl.linux.org
Precedence: bulk
Return-Path: <owner-kernel-audit@nl.linux.org>
X-Orcpt: rfc822;kernel-audit-list

> > struct stat *st;
> > 
> >    stat(CONFIG, st);
> >    if ((st->st_uid != 0) || (st->st_mode != 33152)) {
> >       fprintf(stderr, "Unsecure modes on configuration files\n");
> >       exit(1);
> >    }

> Neither, this is a bad use of stat.  In this case, st is an uninitialized
> pointer and you are having stat treat that as a pointer to some random
> location in memory which it dutifully fills with the stat information.
> Change your code to
> 
> struct stat st;              /* note not *st, just st */
> 
> stat(CONFIG, &st);           /* note &st not st */

You also want to test the return code of stat(); 0 if OK
before using any of the stuff like st->st_uid.


--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
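
The two corrections from this thread combined (real struct stat storage, and testing the return value before reading any field), as an added example that is not code from any poster. The name config_check, the owner parameter and the default path are assumptions, and it swaps stat() for open() plus fstat() so the file that was checked is the file that gets read.

```c
#define _POSIX_C_SOURCE 200809L     /* for O_NOFOLLOW */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread). Returns 0 when `path` is a
 * regular file owned by `owner` with mode exactly 0600, 1 when the file
 * exists but fails that policy, and -1 when it cannot be opened or stat'ed. */
int config_check(const char *path, uid_t owner)
{
    struct stat st;                 /* real storage, not a dangling pointer */
    int fd, rc;

    /* Open first, then fstat() the descriptor. O_NOFOLLOW refuses a
     * symlink as the final path component; O_NONBLOCK keeps open() from
     * hanging if the path turns out to be a FIFO. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) != 0) {      /* st holds nothing usable on failure */
        close(fd);
        return -1;
    }

    /* 33152 == 0100600 == S_IFREG | 0600; written with the macros. */
    rc = (S_ISREG(st.st_mode) &&
          st.st_uid == owner &&
          (st.st_mode & 07777) == (S_IRUSR | S_IWUSR)) ? 0 : 1;

    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    /* Constructed default path; the thread never shows what CONFIG is. */
    const char *path = argc > 1 ? argv[1] : "/etc/example.conf";
    int rc = config_check(path, 0); /* 0 = root, as in the original test */

    if (rc != 0)
        fprintf(stderr, "%s: %s\n", path,
                rc < 0 ? "cannot stat" : "insecure owner or mode");
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

access() answers a different question (whether the calling real UID may open the file) and reports neither owner nor mode, so it does not replace this check.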


