Date:      Mon, 03 Jan 2005 02:37:02 +0300
From:      Rojer <myself@rojer.pp.ru>
To:        freebsd-hackers@freebsd.org
Subject:   Determining userland return address (from syscall)
Message-ID:  <41D8859E.4080609@rojer.pp.ru>

Greetings, much respected FreeBSD Hackers! :)

I am developing a kernel module that implements a custom syscall and 
needs to know the exact userland address from which the call was made.
Being concerned about choosing the most correct approach, I turned to 
this list for help.
Please provide as much information as you can.

For those interested I will explain the purpose.

I've been thinking of some way to give Apache children a limited ability 
to setuid() as a solution for both suexec and the infamous 
PHP-as-a-module issue.
The solution I am about to implement is based on a custom setuid 
syscall that would allow a limited list of processes to obtain root 
privileges from a limited set of locations (supposedly, the trusted 
ones, originating in the httpd's .text section).
The modified Apache child would issue such a syscall, get root 
privileges and then immediately setusercontext() for the request it is 
about to process.
The list of processes and locations would be maintained by the Apache parent 
that runs with root privileges already; child processes would not be 
allowed to modify the list.
The key point here is the ability to trust a call being made from a specific 
location. I assume that a process cannot change its .text section once 
loaded, so this scheme would not be abused by overwriting the location 
with malicious code. Am I correct here? What do you think of this scheme 
overall?

Thank you.

-- 
Deomid Ryabkov aka Rojer
myself@rojer.pp.ru
rojer@sysadmins.ru
ICQ: 8025844
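
The allow-list decision described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD kernel code. It is a userland model in C: all names (`trusted_site`, `site_register`, `site_forget`, `site_allowed`) and the sample pid and address are hypothetical, and the return address is passed in as a parameter rather than read from the saved user registers as a kernel module would do.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#define MAX_ENTRIES 64

/* One trusted call site: a process and the userland address its syscall returns to. */
struct trusted_site { pid_t pid; uintptr_t ret_addr; };

static struct trusted_site table[MAX_ENTRIES];
static size_t n_entries;

/* Only a root caller (the Apache parent in the proposal) may extend the list. */
int site_register(uid_t caller_euid, pid_t pid, uintptr_t ret_addr)
{
    if (caller_euid != 0) return -1;          /* children cannot modify the list */
    if (n_entries == MAX_ENTRIES) return -1;  /* table full: fail closed */
    table[n_entries].pid = pid;
    table[n_entries].ret_addr = ret_addr;
    n_entries++;
    return 0;
}

/* Drop every entry for a pid when it exits, so a recycled pid inherits nothing. */
void site_forget(pid_t pid)
{
    size_t i = 0;
    while (i < n_entries) {
        if (table[i].pid == pid) table[i] = table[--n_entries]; /* swap-remove */
        else i++;
    }
}

/* Decision taken inside the custom syscall: exact match on pid AND address. */
int site_allowed(pid_t pid, uintptr_t ret_addr)
{
    for (size_t i = 0; i < n_entries; i++)
        if (table[i].pid == pid && table[i].ret_addr == ret_addr) return 1;
    return 0;                                 /* default deny */
}

int main(void)
{
    /* Constructed sample values: child pid 4242, call site 0x401a2c. */
    site_register(0, 4242, 0x401a2c);
    printf("trusted site: %d\n", site_allowed(4242, 0x401a2c));
    printf("other address: %d\n", site_allowed(4242, 0x401a30));
    site_forget(4242);
    return 0;
}
```

The check is only as strong as the assumption the message asks about: it compares an address, not the bytes found at that address.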



