838 |
address_group localnet 192.168.0.0-192.168.255.255 |
address_group localnet 192.168.0.0-192.168.255.255 |
839 |
|
|
840 |
in the exception policy. |
in the exception policy. |
841 |
|
|
842 |
|
Fix 2007/03/03 |
843 |
|
|
844 |
|
@ Remove obsolete functions. |
845 |
|
|
846 |
|
@ Add some hooks. |
847 |
|
|
848 |
|
Read permission check is done if open_exec() |
849 |
|
is called from search_binary_handler(). |
850 |
|
Read permission check is not done if open_exec() |
851 |
|
is called from do_execve(), instead, |
852 |
|
execute permission check is done at |
853 |
|
search_binary_handler_with_transition(). |
854 |
|
|
855 |
|
I moved the location of calling CheckCapabilityACL() |
856 |
|
and CheckMountPermission() from sys_mount() to do_mount(). |
857 |
|
|
858 |
|
Fix 2007/03/07 |
859 |
|
|
860 |
|
@ Use 'unsigned int' for sscanf(). |
861 |
|
|
862 |
|
I compiled SYAORAN fs on x86_64 environment and found |
863 |
|
the compiler showing warning messages about size of data types. |
864 |
|
Since size of data types may mismatch for sscanf(), |
865 |
|
I replaced some types with 'unsigned int'. |
866 |
|
|
867 |
|
Version 1.4 2007/04/01 x86_64 support release. |
868 |
|
|
869 |
|
Fix 2007/04/18 |
870 |
|
|
871 |
|
@ Change argv[0] checking rule. |
872 |
|
|
873 |
|
I was comparing the basename of symbolic link's pathname and argv[0]. |
874 |
|
Since execute permission check and domain transition are done |
875 |
|
based on realpath while argv[0] check is done based on the symlink's |
876 |
|
pathname and argv[0], this specification will allow attackers behave |
877 |
|
as /bin/cat in the domain of /bin/ls if "/bin/ls and /bin/cat are |
878 |
|
links to /sbin/busybox" and "the attacker is permitted to create |
879 |
|
a symlink named ~/cat that points to /bin/ls" and "the attacker is |
880 |
|
permitted to run /bin/ls". |
881 |
|
So, I changed to compare the basename of realpath and argv[0]. |
882 |
|
Also, I moved the location to compare before processing |
883 |
|
"aggregator" directive so that |
884 |
|
"aggregator /tmp/logrotate.\?\?\?\?\?\? /tmp/logrotate.tmp" |
885 |
|
won't cause the mismatch of the basename of realpath and argv[0]. |
886 |
|
|
887 |
|
If /bin/ls is a symlink to /sbin/busybox, then |
888 |
|
creating a symlink named ~/cat that points to /bin/ls and |
889 |
|
executing ~/cat won't work as expected because permission check and |
890 |
|
domain transition are done using /sbin/busybox (realpath of /bin/ls) |
891 |
|
and will be rejected since the administrator won't grant |
892 |
|
"1 /sbin/busybox". |
893 |
|
|
894 |
|
Fix 2007/05/07 |
895 |
|
|
896 |
|
@ Support pathname subtraction. |
897 |
|
|
898 |
|
There was no way to exclude specific pathnames when granting |
899 |
|
permissions using wildcards. |
900 |
|
There would be a need to exclude specific files and directories. |
901 |
|
I introduced "\-" as subtraction operator. |
902 |
|
|
903 |
|
"A\-B" means "A" other than "B". |
904 |
|
"A\-B\-C" means "A" other than "B" and "C". |
905 |
|
"A\-B\-C\-D" means "A" other than "B" and "C" and "D". |
906 |
|
|
907 |
|
"A", "B", "C", "D" may contain wildcards. |
908 |
|
|
909 |
|
An example usage is "/home/\*/\*\-.ssh/\*", which means |
910 |
|
"/home/\*/\*/\*" other than "/home/\*/.ssh/\*". |
911 |
|
|
912 |
|
"A" should contain wildcards because subtraction from constants |
913 |
|
(e.g. "/usr\-usr/" or "/usr\-home/") is meaningless. |
914 |
|
|
915 |
|
Don't try "A\-B\+C" because "\+" is not addition operator. |
916 |
|
|
917 |
|
Fix 2007/05/24 |
918 |
|
|
919 |
|
@ Fix autobind hook. |
920 |
|
|
921 |
|
The location to call SAKURA_MayAutobind() in net/ipv4/udp.c |
922 |
|
and net/ipv6/udp.c were wrong. |
923 |
|
|
924 |
|
Fix 2007/06/03 |
925 |
|
|
926 |
|
@ Add a space in MakeMountOptions(). |
927 |
|
|
928 |
|
I forgot to add a space after "atime" and "noatime". |
929 |
|
|
930 |
|
Version 1.4.1 2007/??/?? Minor update release. |
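Review bot: In the "Fix 2007/04/18" entry, the title "Change argv[0] checking rule." undersells what the text below it describes. The text describes a case where a user-created symlink lets a program behave as /bin/cat in the domain of /bin/ls when both are links to /sbin/busybox. I would mark the entry as a security fix in its "@" title so that administrators who skim only the titles do not skip it. The same entry says executing ~/cat "won't work as expected" and will be rejected, so it should state plainly that this rejection is the intended new behaviour and say whether existing policies need any change. Two smaller points: the "Fix autobind hook." entry says the call location of SAKURA_MayAutobind() in net/ipv4/udp.c and net/ipv6/udp.c was wrong, but not what the effect was or where the call now sits. The final "Version 1.4.1 2007/??/??" line still carries a placeholder date that needs filling in before release.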