Some VERY ALPHA code

This page hosts some code that has been written for Linux-Privs. Comments and suggestions should be directed at linux-privs@mit.edu.

(WARNING: If you don't know what VERY ALPHA means, please do not try any of the code on this page.. Specifically, no liability is assumed if anything on this page causes you any trouble - of ANY sort!)

Latest patch against Linux-2.0.31pre9. Supplementary patches:

• The beginnings of an audit facility (this patch only audits "_exit()" events. To view/drain the audit buffer, you may find readaudit.c useful. NOTE, you need to start draining the audit buffer pretty quickly after boot if you want to avoid the system locking up...
• an enhancement to the secure-level bitmap concept from Chris Evans.

Patches against 2.1.xx:

Alexander Kjeldaas's patches for more recent (development) kernels

Complete patch features:

• General features
  • Securelevel is now a bitmap. Use to flip between capability based system and root-based one.
• Capabilities
  • task structure contains 3 capability sets
  • contents are readable from /proc/<PID>/capabilities
  • capabilities combined on exec()
  • kernel code for reading and writing capability resources.
• Generic resource fork support (Ext2 implemented)
  • functions for reading and writing (deleting resource forks) are present.
• A small patch to e2fsprogs-1.06 that will make them safe for use with capability-aware ext2 filesystems. This was provided by Zefram (who knew what he was doing...)
• Here is a modified version of the 1.06 patch (made by me and containing at least one kludge - look for XXX in the patch file) against e2fsprogs-1.09.
  In case you want the rpms for these files: SRPM, binary RPM, headers etc. for development.
• A fairly stable stab at a POSIX.1e capability library (PGP Sig). Also available in RPM (SRPM) format. Including:
  • Manual pages for everything (courtesy of Zefram)
  • getcap and setcap binaries (need to verify these are consistent with POSIX.)
  • /lib/libcap.so (shared library)
• Auditing
  • internal buffer is maintained by kernel for auditing events, this must be drained to avoid the system bogging down with sys_auditor().
  • A first cut at a user land auditing library - libaudit (note, this does not currently interface with the kernel patch, but is intended to eventually).
  • (Some audit code contributed by Christos Ricudis - this is something written pre-POSIX but may have some parts absorbed into the auditing code.. it may not.. we'll see.)
• Solar Designer's stack patch is included along with the /tmp restrictions.

Here is a compressed i486 floppy disk image (and here is my PGP signature for this file).

To try out the floppy disk, you should download the gzipped .img file and do the following:

    gunzip BootRoot.img.gz
    dd if=./BootRoot.img of=/dev/fd0 bs=1k

You should then be able to boot this file to see how the linux-privs work is coming along. (There are no passwords).

Note, the BootRoot disk does not have any hard disk, CD or any networking support compiled in (the patch to the kernel does support these, but I want to minimize hassles with this floppy). It is a simple self-contained system that copies a compressed ext2 filesystem onto a 4 megabyte ramdisk and runs from there.

---

This page was last modified on 1997/9/22

---

I can be reached at morgan@parc.power.net. PGP public Key available here
Up to my home page.

---

(started 1996/2/13)