Re: new kde 3.1 packages from Ralph Nolden and file handles
Here is a demonstration of a problem that was in kde 3.0.4 as well. I have
run the command "sleep 100" twice, PID 6482 is from Konsole, PID 6493 is from
an Xterm launched by selecting the "Run Command" menu option and typing
"xterm". I used "sleep" to demonstrate this problem as it's a program that
hangs around, it doesn't do much else to distract us from the problem at
hand, and it's something that everyone has to reproduce the problem.

Notice that in the copy of sleep run from konsole (6482) the file handles are
what you expect, a few shared objects, a controlling tty, a home directory and
a root directory.

Notice that in the copy of sleep run from xterm (6493) there are also open
file handles for two named pipes and the ~/Desktop directory. I believe that
this is a minor security risk. If I run an xterm and then use it to run a
SUID wrapper program that runs an insecure or hostile program then if that
wrapper program does not close all file handles (su does but other programs
may not) then the hostile program may get access to ~/Desktop in my home
directory!

I discovered this bug through my SE Linux logs. Some programs were logged as
inheriting file handles that they were not allowed to access when I used an
xterm.

rjc@lyta:~$ lsof | grep sleep
sleep 6482 rjc cwd DIR 3,7 6640 2015 /home/rjc
sleep 6482 rjc rtd DIR 3,2 584 2 /
sleep 6482 rjc txt REG 3,2 11336 49958 /bin/sleep
sleep 6482 rjc mem REG 3,2 82348 7970 /lib/ld-2.3.1.so
sleep 6482 rjc mem REG 3,2 130964 8840 /lib/libm-2.3.1.so
sleep 6482 rjc mem REG 3,2 26592 26552 /lib/librt-2.3.1.so
sleep 6482 rjc mem REG 3,2 1102952 8292 /lib/libc-2.3.1.so
sleep 6482 rjc mem REG 3,2 81959 26556 /lib/libpthread-0.10.so
sleep 6482 rjc 0u CHR 136,2 1716 /dev/pts/2
sleep 6482 rjc 1u CHR 136,2 1716 /dev/pts/2
sleep 6482 rjc 2u CHR 136,2 1716 /dev/pts/2
sleep 6493 rjc cwd DIR 3,7 6640 2015 /home/rjc
sleep 6493 rjc rtd DIR 3,2 584 2 /
sleep 6493 rjc txt REG 3,2 11336 49958 /bin/sleep
sleep 6493 rjc mem REG 3,2 82348 7970 /lib/ld-2.3.1.so
sleep 6493 rjc mem REG 3,2 130964 8840 /lib/libm-2.3.1.so
sleep 6493 rjc mem REG 3,2 26592 26552 /lib/librt-2.3.1.so
sleep 6493 rjc mem REG 3,2 1102952 8292 /lib/libc-2.3.1.so
sleep 6493 rjc mem REG 3,2 81959 26556 /lib/libpthread-0.10.so
sleep 6493 rjc 0u CHR 136,3 1734 /dev/pts/3
sleep 6493 rjc 1u CHR 136,3 1734 /dev/pts/3
sleep 6493 rjc 2u CHR 136,3 1734 /dev/pts/3
sleep 6493 rjc 6r FIFO 0,5 1065293 pipe
sleep 6493 rjc 7w FIFO 0,5 1065293 pipe
sleep 6493 rjc 13r DIR 3,7 688 4285 /home/rjc/Desktop
rjc@lyta:~$
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
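
Added example, not part of the original message and not KDE code: a C sketch of how a launcher or wrapper can find descriptors above stderr that would survive exec() (like fds 6, 7 and 13 in the lsof output above) and mark them close-on-exec. The helper name leaky_fds is hypothetical and the code assumes Linux with /proc mounted, falling back to a bounded scan otherwise.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if fd is open and would survive exec() (FD_CLOEXEC not set).
 * With fix != 0 the flag is set so the descriptor is dropped at exec(). */
static int check_fd(int fd, int fix)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1 || (flags & FD_CLOEXEC))
        return 0;                       /* not open, or already safe */
    if (fix)
        fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
    return 1;
}

/* Count descriptors above stderr that an exec'd child would inherit.
 * Hypothetical helper name; assumes /proc/self/fd (Linux). */
int leaky_fds(int fix)
{
    int n = 0;
    DIR *d = opendir("/proc/self/fd");
    if (!d) {                           /* no /proc: scan a bounded range */
        for (int fd = 3; fd < 1024; fd++)
            n += check_fd(fd, fix);
        return n;
    }
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        int fd = atoi(e->d_name);       /* "." and ".." parse as 0 */
        if (fd > 2 && fd != dirfd(d))   /* skip stdio and our own listing fd */
            n += check_fd(fd, fix);
    }
    closedir(d);
    return n;
}

int main(void)
{
    int p[2];
    leaky_fds(1);                       /* baseline: fix whatever we inherited */
    /* Constructed scenario: two pipe ends and a directory handle. */
    if (pipe(p) == -1 || open("/", O_RDONLY) == -1)
        return 1;
    printf("inheritable before fix: %d\n", leaky_fds(1));
    printf("inheritable after fix:  %d\n", leaky_fds(0));
    return 0;
}
```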