
Security stuff



Hi,

so, summa summarum on this nice security discussion :) I understood we
agreed that it is worth doing something about it :) Facts:

We have at least three insecure system calls available to all users, i.e.
Super(), Supexec() and Rwabs(). And perhaps some more :) If the Unix
environment is to make sense, these need to get patched so that they
would be root only. For compatibility reasons however, this security
should be optional and should depend on an additional flag, either in
the program header or in a global variable, set in MINT.CNF or wherever. This
option should be valid for Super() and Supexec(), not for Rwabs() though,
because this call shouldn't be used by any program but system and
specialized system software (run by root).

As there's no way to return an error from Super/Supexec, any user program
calling one of these functions when the security is enabled should be
immediately terminated; Rwabs() may either just return errors or terminate
the calling process.
 
The third thing to do is to change access privileges to /proc so that
removing root (or any) processes using the FTP daemon would be impossible.

The fourth thing is to add two new system calls to manage the cookie jar and
read GEMDOS variables. Additionally, though it doesn't touch security,
I think it might be nice to add a system call which would allow getting
the full MiNT version number, i.e. together with the patchlevel code. As I
now think about it, it may return a longword with four binary-coded
pieces of information:

- high byte of high word: major version number
- low byte of high word: minor version number
- high byte of low word: patchlevel number
- low byte of low word: beta code (-1 = beta)

So, for example, 1.14.5 beta may return: $010e05ff and 1.14.5 "not-beta":
$010e0500. It is not deadly important but may be nice for some visual
stuff like uname.

Now is a very good occasion to apply all these changes as I noticed big
progress in getting MiNT virtual memory manager to work, thus I think new
1.14.5 (beta) may be released soon. Wouldn't it be nice if it would
contain more changes than VM oriented only?

Greetings 

Konrad M.Kokoszkiewicz

mail:draco@nidus.mi.com.pl
http://www.orient.uw.edu.pl/~conradus/
 IRC:[Draco]

*** Ea natura multitudinis est,
*** aut servit humiliter, aut superbe dominatur.
*************************************************
*** Among the common people it is normal that they either
*** serve humbly or lord it insolently.
                                           (Liv. XXIV, 25)
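
Added example, not part of the original message and not MiNT source: a small C model of the access policy proposed above for Super(), Supexec() and Rwabs(). All identifiers are hypothetical, and where the message leaves a choice open (Rwabs() returning an error or terminating the caller) the model picks the error return.

```c
#include <stdio.h>
#include <stdbool.h>

/* Hypothetical names: this models the proposal, it is not kernel code. */
enum call    { CALL_SUPER, CALL_SUPEXEC, CALL_RWABS };
enum verdict { ALLOW, TERMINATE, DENY_ERROR };

/*
 * secure_mode: the optional flag from the proposal (program header or a
 *              global set in MINT.CNF; the message leaves the source open).
 * euid:        effective user id of the caller, 0 = root.
 */
enum verdict gate(enum call c, unsigned euid, bool secure_mode)
{
    if (euid == 0)
        return ALLOW;                 /* root is never restricted */

    switch (c) {
    case CALL_RWABS:
        /* Root only regardless of the flag. Assumption: report an
         * error rather than terminate (the message permits either). */
        return DENY_ERROR;
    case CALL_SUPER:
    case CALL_SUPEXEC:
        /* These calls cannot return an error, so a violation ends the
         * caller. With the flag off, legacy behaviour is preserved. */
        return secure_mode ? TERMINATE : ALLOW;
    }
    return TERMINATE;                 /* unknown call: fail closed */
}

int main(void)
{
    static const char *cn[] = { "Super", "Supexec", "Rwabs" };
    static const char *vn[] = { "allow", "terminate", "error" };
    unsigned uids[] = { 0, 100 };     /* constructed sample callers */

    /* Print the full decision table for both flag settings. */
    for (int flag = 0; flag <= 1; flag++)
        for (int u = 0; u < 2; u++)
            for (int c = CALL_SUPER; c <= CALL_RWABS; c++)
                printf("secure=%d uid=%-3u %-8s -> %s\n", flag, uids[u],
                       cn[c], vn[gate((enum call)c, uids[u], flag != 0)]);
    return 0;
}
```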