LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 08-07-2008, 03:44 AM   #1
linuxdoniv
Member
 
Registered: Mar 2008
Posts: 63

Rep: Reputation: 15
modifying write system call


Hi,

Any process can open a file and issue a write system call without any key passed in the call. Its a security issue.

Can I modify write system call as

write( fp, pointer , sizeof data , key) where key has to be passed along with the system call to make sure that the right process is writing the data to the file. The system call implementation checks that only with the right key certain file operations are allowed.

Please comment.


Apart from this idea,
Is there any way in Linux with which we can make sure that right process is writing to a given file. As far as I know this is why we use data basses since an OS can not provide any security to the data at file level.

Thanks for any input,...
 
Old 08-07-2008, 03:52 AM   #2
burschik
Member
 
Registered: Jul 2008
Posts: 159

Rep: Reputation: 31
You know all about UIDs, capabilities, ACLs and security contexts, right?
 
Old 08-07-2008, 04:06 AM   #3
linuxdoniv
Member
 
Registered: Mar 2008
Posts: 63

Original Poster
Rep: Reputation: 15
Hi,

concept of UID's is OK. But could you please elaborate on the other topics Please.
 
Old 08-07-2008, 04:19 AM   #4
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
ACL: access control list.
The commands to work with it: getfacl, setfacl.
Example use: getfacl file; setfacl -m user:rw file;
Man pages: sane.

Access control list allows file owner to determine exactly which users and groups (more exactly, processes owned by which users and groups) have the right to access the file.

Granularity: for actions - same as Unix permissions; for accessed data - per file; for accessing entities - arbitrary sets of users and/or groups.
 
Old 08-07-2008, 05:48 AM   #5
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: ubuntu
Posts: 2,530

Rep: Reputation: 108Reputation: 108
Quote:
Originally Posted by linuxdoniv View Post
Is there any way in Linux with which we can make sure that right process is writing to a given file. As far as I know this is why we use data basses since an OS can not provide any security to the data at file level.
AFAIK this is already been taken care of: permissions to a file are checked when open(2) is called. The file descriptor returned by open(2) cannot be abused by other processes.

As pointed out by the other posts, ACL's can be used to provide finer grained control of file permissions.
 
Old 08-07-2008, 06:02 AM   #6
linuxdoniv
Member
 
Registered: Mar 2008
Posts: 63

Original Poster
Rep: Reputation: 15
I am sorry if the question is very simple.

So if I have 2 root administrators and one of them can read and write a file which the other root administrator should not be able to write,

I have to
add a user at root level say admin_2 and then set the permissions accordingly for him so that he wont be able to write to the file,
but the first administrator can read and write as root and
though admin_2 is also at root he wont be able to change the acl set by the first admin..

Please comment.

Thanks...
 
Old 08-07-2008, 06:08 AM   #7
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
Well, either you want the second administrator to be full root or you want to restrict him somehow. SELinux was proud that they provided some possibilities to have root with UID 0 tied down to guest level. But then you need to learn SELinux.

So, what actual permissions should the less powerful system administrator have?
 
Old 08-07-2008, 06:26 AM   #8
linuxdoniv
Member
 
Registered: Mar 2008
Posts: 63

Original Poster
Rep: Reputation: 15
Hi,

The second admin should not be able to read or write one particular file.Except that he can do all other things that the main admin can do.

Thanks...
 
Old 08-07-2008, 07:23 AM   #9
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
Should anyone at all be able to read the file? Maybe let the main administrator keep it on removed medium in a locked box? Because "do anything except reading that file" is not something you can enforce. Being able to upgrade the system means being able to replace any program that can be used for reading the file with a version leaking data..
 
Old 08-07-2008, 07:34 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
I think the basic problem is finding a "hook" to tie things to. AFAIK with DAC and ACL you have no hook at all (because UID "just" is 0 and that's all the kernel sees). If you assert that both admins log in as unprivileged user then there must be a transition from unpriv to root (if you don't use Rootsh, Sudo or even su then you've got bigger fish to fry). With SE Linux you could write a policy that restricts access by role (force transition to admin role) but that would AFAIK require a MLS-type of policy which writes everything a role can do which is complex, invasive and probably too hard to get right in one go. Another way to explore could be TOMOYO Linux on top of DAC (applies cleanly to vanilla kernel.org source and can run next to SE Linux w/o *any* problems). TOMOYO in terms of hooks is path-based (not similar to but more similar to AppArmor than SE Linux) and allows you to write rules that allow a domain ("<kernel> /sbin/init /bin/rootsh /bin/noexec /bin/vi") read/write access to files. If the file is not listed and the domain (think process) is put in enforcing mode then read/write should effectively be denied. As far as I can see that would be (relatively) less work than SE Linux MLS but still needs everything covered that could result in read/write access.

It would be good to know what the actual file is and its purpose. If it's not in use by the system then any form of file encryption is way more cost-effective IMNSHO.

Last edited by unSpawn; 08-07-2008 at 07:36 AM.
 
Old 08-07-2008, 07:56 AM   #11
linuxdoniv
Member
 
Registered: Mar 2008
Posts: 63

Original Poster
Rep: Reputation: 15
hi,

1. I do not want to encrypt the file as number of read operations are more on the file.

2. The file has some important information and will be often read and rarely written by the process of one admin. The other admin should not be able to read or write to this file. Except that he must be able to act like a normal ROOT admin. or root user.

That is, there is a program in root mode which will write to a file but no other PROCESS in the root mode should be able to write to that file.

Is it possible to tie a file to a process

Please guide me further...
 
Old 08-07-2008, 08:03 AM   #12
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
No local operation can be safely denied to local root user.
 
Old 08-07-2008, 08:08 AM   #13
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
Quote:
Originally Posted by linuxdoniv View Post
The file has some important information and will be often read and rarely written by the process of one admin. The other admin should not be able to read or write to this file. Except that he must be able to act like a normal ROOT admin. or root user. That is, there is a program in root mode which will write to a file but no other PROCESS in the root mode should be able to write to that file. Is it possible to tie a file to a process
Like Raskin already said: no. In general there is no way to accomplish that. Without costly and invasive changes root is and remains omnipotent.
 
Old 08-08-2008, 12:42 AM   #14
burschik
Member
 
Registered: Jul 2008
Posts: 159

Rep: Reputation: 31
Quote:
Originally Posted by unSpawn View Post
It would be good to know what the actual file is and its purpose. If it's not in use by the system then any form of file encryption is way more cost-effective IMNSHO.
My guess is that he is trying to build some kind of intrusion detection.
 
Old 08-08-2008, 06:10 AM   #15
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601Reputation: 2601
Quote:
Originally Posted by burschik View Post
My guess is that he is trying to build some kind of intrusion detection.
How so? He clearly said "The other admin should not be able to read or write to this file". That's access restriction, isn't it?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to write my own system call in mandrake 10.2 jawahar_bits Linux - Kernel 2 02-03-2007 10:14 AM
write system call basics.... bisDude Programming 6 11-04-2005 06:48 PM
How to write a system call to display the process information? balasquare@yahoo.com Programming 3 09-30-2005 01:05 AM
difficulties with large files and system call read/write jwstric2 Programming 2 08-22-2004 11:42 PM


All times are GMT -5. The time now is 11:34 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration