* Grzegorz Pawel Szostak said:

> Hi, I see that limited access to /etc/passwd file and others is a very big
> problem but... may be can someone write linux kernel module (I saw one,
> written by lcamtuf@ids.pl but compilation wasn't successful) that will

A module?! :)))) What for?! Just write your own WRAPPER around the open syscall and use that instead of the libc's one :))))))). You can do it using the LD_PRELOAD mechanism.

> catch any call to open () system function then it will check GID (maybe
> UID also ) and if someone want to access all lines in /etc/passwd it gives

How does it do :))? open() just OPENS a file, read() reads the BYTES, not LINES - and to test for authorized access you need to interpret LINES or interpret every read byte - completely useless solution IMO.

> only his own line ... I have source... but it is not good for Polish users
> (and people who understands Polish language ... believe me :) ) Author
> don't want to redistribute this source..

I don't blame him :))) - it's really useless :))))

> Any can supply such path to the kernel ?

You can, but I doubt anyone will want to include it in the mainstream kernel. Do it in a clean way (if it makes sense at all, which I doubt) - write a shared library with reimplemented libc functions dealing with files and check it there whether the /etc/passwd is being accessed. Then process every line read and return error (what error code??) when a "wrong" line is read. Don't forget to reimplement getpwent, getspent etc.. And then preload your new library before libc - it will intercept every call you reimplemented. Don't forget to recompile and relink all statically linked programs using your new library.

Well, anyway - much ado about nothing. Good luck. Security by obscurity isn't really a good way...

marek

much ado about nothing...
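The reply notes that read() returns bytes, not lines, so a wrapper would have to reassemble lines across reads before it could decide anything. The C sketch below shows that filtering step; it is an added example, not code from this thread. The names `pw_filter`, `pw_feed` and `filter_sample` are hypothetical, and the passwd entries are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

static const char SAMPLE[] = /* constructed passwd(5)-format data */
    "root:x:0:0:root:/root:/bin/sh\n"
    "alice:x:1001:1001::/home/alice:/bin/sh\n"
    "bob:x:1002:1002::/home/bob:/bin/sh\n";
/* Per-descriptor state a hypothetical read() wrapper would keep. */
struct pw_filter {
    char line[512];           /* partial line carried across read() calls */
    size_t len; int overflow; /* bytes buffered; set if the line did not fit */
    long uid;                 /* only this UID's entry is passed through */
};

static int line_matches(const char *line, long uid) { /* third field == uid? */
    char *end;
    const char *p = strchr(line, ':');
    if (!p || !(p = strchr(p + 1, ':'))) return 0;
    return strtol(p + 1, &end, 10) == uid && end != p + 1 && *end == ':';
}

/* Feed one chunk as read() returned it; copy permitted lines to out. */
size_t pw_feed(struct pw_filter *f, const char *buf, size_t n, char *out, size_t cap) {
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        if (buf[i] != '\n') {
            if (f->len < sizeof f->line - 1) f->line[f->len++] = buf[i];
            else f->overflow = 1; /* oversized line is dropped whole */
            continue;
        }
        f->line[f->len] = '\0';
        if (!f->overflow && line_matches(f->line, f->uid) && w + f->len + 1 <= cap) {
            memcpy(out + w, f->line, f->len);
            out[w + f->len] = '\n';
            w += f->len + 1;
        }
        f->len = 0; f->overflow = 0;
    }
    return w;
}

const char *filter_sample(size_t chunk, long uid) { /* feed SAMPLE in chunk-byte reads */
    static char out[256];
    struct pw_filter f = { .uid = uid };
    size_t w = 0, total = sizeof SAMPLE - 1;
    for (size_t off = 0, n; off < total; off += n) {
        n = chunk && chunk < total - off ? chunk : total - off;
        w += pw_feed(&f, SAMPLE + off, n, out + w, sizeof out - 1 - w);
    }
    out[w] = '\0';
    return out;
}
```

The filter returns the same result whether the data arrives one byte at a time or in one read. As the reply says, it only affects programs that go through the interposed library; statically linked programs never call it.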