Date: Sun, 12 Dec 1999 11:22:01 +0100 (CET) From: borjam@garatu.we.lc.ehu.es To: FreeBSD-gnats-submit@freebsd.org Subject: kern/15435: Attempts to execute programs from a noexec filesystem should be logged Message-ID: <199912121022.LAA21435@garatu.we.lc.ehu.es>
next in thread | raw e-mail | index | archive | help
>Number: 15435
>Category: kern
>Synopsis: Attempts to execute programs from a noexec filesystem should be logged
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 12 02:30:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Borja Marcos
>Release: FreeBSD 3.3-RELEASE i386
>Organization:
>Environment:
(irrelevant)
>Description:
The option to mount a filesystem as "noexec" is a very useful security
option. However, for it to be really useful, attempts to execute
programs from filesystems mounted as "noexec" should be logged. It
could help to detect the use of exploits for security bugs.
The included diff (to kern_exec.c in 3.3-RELEASE) logs the attempts
as kern.notice messages.
Perhaps this should be controlled from a sysctl variable?
>How-To-Repeat:
>Fix:
*** kern_exec.c Sun Oct 31 00:50:32 1999
--- kern_exec.c.new Sun Oct 31 02:05:55 1999
***************
*** 34,39 ****
--- 34,40 ----
#include <sys/mount.h>
#include <sys/filedesc.h>
#include <sys/fcntl.h>
+ #include <sys/syslog.h>
#include <sys/acct.h>
#include <sys/exec.h>
#include <sys/imgact.h>
***************
*** 678,691 ****
/*
* 1) Check if file execution is disabled for the filesystem that this
! * file resides on.
* 2) Insure that at least one execute bit is on - otherwise root
* will always succeed, and we don't want to happen unless the
* file really is executable.
* 3) Insure that the file is a regular file.
*/
! if ((vp->v_mount->mnt_flag & MNT_NOEXEC) ||
! ((attr->va_mode & 0111) == 0) ||
(attr->va_type != VREG)) {
return (EACCES);
}
--- 679,699 ----
/*
* 1) Check if file execution is disabled for the filesystem that this
! * file resides on. In that case, log the attempt. It can be
! * part of an attack.
! */
! if (vp->v_mount->mnt_flag & MNT_NOEXEC) {
! log(LOG_NOTICE, "UID %d tried to execute %s in a noexec filesystem", imgp->proc->p_ucred->cr_uid, imgp->fname);
! return (EACCES);
! }
!
! /*
* 2) Insure that at least one execute bit is on - otherwise root
* will always succeed, and we don't want to happen unless the
* file really is executable.
* 3) Insure that the file is a regular file.
*/
! if (((attr->va_mode & 0111) == 0) ||
(attr->va_type != VREG)) {
return (EACCES);
}
>Release-Note:
>Audit-Trail:
>Unformatted:
non-critical
kern
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912121022.LAA21435>