[EMAIL PROTECTED] (Bryan Paxton) writes:
Hello there,
I'm the actual maintainer of msec, but the latest modifications were made by
someone else and msec is now different in many ways (rewritten in
python) ... please get the latest version before sending more patches ...
that we are thankful for though :o)
> For information about this patch, see the message I sent in earlier to
> the list. This revised patch simply makes use of the new find_lib()
> function, and makes the default hard file size (PAM) 100MB (was 40MB).
>
> More to come soon : )
> And please, someone inform me of who is currently maintaining msec so
> that I may send the patch directly to that person instead of the list.
> (unless the list wants to see all the patch information).
>
> NOTE: This is not an update patch, but revised. Patch against vanilla
> msec-0.18 (mdk rel 1)
>
>
> custom.sh | 9 +++++----
> level4.sh | 4 ++--
> level5.sh | 4 ++--
> levelsnf.sh | 4 ++--
> lib.sh | 24 ++++++++++++++++++++++--
> lib.sh.usermode | 24 +++++++++++++++++++++++-
> 6 files changed, 56 insertions(+), 13 deletions(-)
>
> /* Begin patch */
>
> diff -urN msec-0.18/init-sh/custom.sh msec/init-sh/custom.sh
> --- msec-0.18/init-sh/custom.sh Sat Dec 1 23:55:23 2001
> +++ msec/init-sh/custom.sh Mon Jan 28 15:38:35 2002
> @@ -81,7 +81,8 @@
> fi
> ###
>
> -if [[ -f /lib/libsafe.so.2 ]]; then
> +find_lib libsafe.so.2
> +if [[ ${FE} == true ]]; then
> echo "Do you want to enable the libsafe stack overflow protection ?"
> echo "This stack overflow protection work by catching dangerous function call"
> echo "like strcpy, strcat, getwd, gets, [vf]scanf, realpath, [v]sprintf"
> @@ -90,7 +91,7 @@
> echo "destination address, and by substracting the frame address to the destination
>buffer one"
> WaitAnswer; clear
> if [[ ${answer} == yes ]]; then
> - AddRules "/lib/libsafe.so.2" /etc/ld.so.preload
> + AddRules ${f_lib} /etc/ld.so.preload
> fi
> fi
>
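Review bot: The new call `AddRules ${f_lib} /etc/ld.so.preload` drops the quoting that the removed line had. If `f_lib` is ever empty or unset, the word disappears and `/etc/ld.so.preload` becomes the first argument; what AddRules then does is not visible in this patch. Quote it: `AddRules "${f_lib}" /etc/ld.so.preload`. The same unquoted call is added in the level4.sh, level5.sh and levelsnf.sh hunks. The outer `if [[ ${FE} == true ]]` opens in the previous hunk.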
> @@ -367,7 +368,7 @@
> ### Pam
> clear
>
> -dfsize=40000
> +dfsize=100000
> echo "We help prevent certain types of DoS attacks through the use of PAM(Pluggable
>Authentication Modules.)"
> echo "By setting a limit on how big user files may get and how many processes a
>user may run."
>
> @@ -381,7 +382,7 @@
> echo "Would you like to set a maximum file size a user is allowed ?"
> WaitAnswer; clear
> if [[ ${answer} == yes ]]; then
> - echo "What shall be the maximum file size(default is $(dfsize))"
> + echo "What shall be the maximum file size(default is 100MB)"
> echo -n "Size : "
> read fsize
> if [[ -z ${fsize} ]]; then
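Review bot: The prompt now hard-codes "100MB" while the real default is `dfsize=100000`, set in the previous hunk, so the two can drift apart. The removed `$(dfsize)` was a command substitution rather than a variable expansion, so the smaller fix is `echo "What shall be the maximum file size(default is ${dfsize})"`. The unit PAM applies to this number is not shown in the patch, so confirm that 100000 really corresponds to the advertised 100MB and state the unit in the prompt. The `if [[ -z ${fsize} ]]` block continues past the end of the hunk.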
> diff -urN msec-0.18/init-sh/level4.sh msec/init-sh/level4.sh
> --- msec-0.18/init-sh/level4.sh Sun Dec 2 00:03:03 2001
> +++ msec/init-sh/level4.sh Mon Jan 28 15:27:54 2002
> @@ -106,9 +106,9 @@
> AddRules "UMASK_ROOT=022" /etc/sysconfig/msec
> AddRules "UMASK_USER=077" /etc/sysconfig/msec
>
> -if [[ -f /lib/libsafe.so.2 ]]; then
> +find_lib libsafe.so.2
> echo "Enabling stack overflow protection :"
> - AddRules "/lib/libsafe.so.2" /etc/ld.so.preload
> + AddRules ${f_lib} /etc/ld.so.preload
> fi
>
> # Console timeout
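Review bot: The `if [[ -f /lib/libsafe.so.2 ]]; then` line is removed but its closing `fi` is kept, so the new side has an unmatched `fi` and the script will most likely stop with a syntax error there. That would leave the later hardening steps (the console timeout section onwards) unapplied. The `AddRules` call also becomes unconditional: when libsafe is not installed it runs with an empty or stale `f_lib` against `/etc/ld.so.preload`. Restore the guard as custom.sh does, with `if [[ ${FE} == true ]]; then` directly after `find_lib libsafe.so.2`. The level5.sh and levelsnf.sh hunks have the identical problem.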
> diff -urN msec-0.18/init-sh/level5.sh msec/init-sh/level5.sh
> --- msec-0.18/init-sh/level5.sh Sun Dec 2 00:03:03 2001
> +++ msec/init-sh/level5.sh Mon Jan 28 15:28:55 2002
> @@ -118,9 +118,9 @@
> AddRules "UMASK_ROOT=077" /etc/sysconfig/msec
> AddRules "UMASK_USER=077" /etc/sysconfig/msec
>
> -if [[ -f /lib/libsafe.so.2 ]]; then
> +find_lib libsafe.so.2
> echo "Enabling stack overflow protection :"
> - AddRules "/lib/libsafe.so.2" /etc/ld.so.preload
> + AddRules ${f_lib} /etc/ld.so.preload
> fi
>
> # Console timeout
> diff -urN msec-0.18/init-sh/levelsnf.sh msec/init-sh/levelsnf.sh
> --- msec-0.18/init-sh/levelsnf.sh Sun Dec 2 00:03:03 2001
> +++ msec/init-sh/levelsnf.sh Mon Jan 28 15:29:18 2002
> @@ -143,9 +143,9 @@
> AddRules "UMASK_ROOT=022" /etc/sysconfig/msec
> AddRules "UMASK_USER=077" /etc/sysconfig/msec
>
> -if [[ -f /lib/libsafe.so.2 ]]; then
> +find_lib libsafe.so.2
> echo "Enabling stack overflow protection :"
> - AddRules "/lib/libsafe.so.2" /etc/ld.so.preload
> + AddRules ${f_lib} /etc/ld.so.preload
> fi
>
> # Do not boot on a shell
> diff -urN msec-0.18/init-sh/lib.sh msec/init-sh/lib.sh
> --- msec-0.18/init-sh/lib.sh Thu Jan 17 11:22:55 2002
> +++ msec/init-sh/lib.sh Mon Jan 28 15:26:32 2002
> @@ -299,7 +299,7 @@
>
> RootSshLogin () {
> echo -n "Setting up the root ssh login : "
> - if [[ $1 == 4 || $1 == 5 || $1 == snf ]]; then
> + if [[ $1 == 3 || $1 == 4 || $1 == 5 || $1 == snf ]]; then
> /bin/sed 's/PermitRootLogin yes/PermitRootLogin no/' <
>/etc/ssh/sshd_config > /etc/ssh/sshd_config.new
> mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
> chmod 0600 /etc/ssh/sshd_config
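Review bot: Adding `$1 == 3` to the condition is a policy change that the patch description does not mention; it covers only find_lib() and the PAM file size default. Assuming `$1` is the msec level, level 3 systems would lose direct root ssh login on the next run, so this belongs in the description and in a comment above the test, for example `# levels 3, 4, 5 and snf disable direct root login over ssh`. RootSshLogin starts inside the hunk but its body continues beyond it.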
> @@ -337,6 +337,27 @@
> fi
> }
>
> +
> +# Safer way to find libs to be appended to to ld.so.preload (e.g., libsafe)
> +find_lib() {
> + export FE=NULL
> + declare -a spath
> + spath=("/lib/" "/usr/lib/" "/usr/local/lib/")
> + for i in ${spath[@]}
> +do
> + if [[ -f ${i}${1} ]]
> + then
> + export f_lib=${i}${1}
> + export FE=true
> + break
> + else
> + export FE=false
> + break
> + fi
> +done
> +}
> +
> +
> # If we are currently installing our
> # system with DrakX, we don't ask anything to the user...
> # Instead, DrakX does it and gives us a file with some variables.
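Review bot: The `else` branch of the new find_lib() also executes `break`, so the loop always ends after testing `/lib/`, and `/usr/lib/` and `/usr/local/lib/` are never searched. On a miss `f_lib` is also left at whatever an earlier call set, which callers then pass to AddRules. The version below sets the "not found" state once before the loop and breaks only on a hit; the identical copy in the lib.sh.usermode hunk needs the same change. Because the result is written to /etc/ld.so.preload, which the dynamic loader applies to every dynamically linked program, consider also requiring the file to be root-owned and not group- or world-writable, especially under `/usr/local/lib/`.

```shell
find_lib() {
    local dir
    # Start from "not found" so a miss never leaves a stale path behind.
    FE=false
    f_lib=""
    for dir in /lib/ /usr/lib/ /usr/local/lib/; do
        if [[ -f "${dir}${1}" ]]; then
            f_lib="${dir}${1}"
            FE=true
            break
        fi
    done
    export FE f_lib
}
```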
> @@ -403,7 +424,6 @@
> groupadd -g 33 ntools >& /dev/null
> groupadd -g 34 ctools >& /dev/null
> groupadd -g 81 audio >& /dev/null
> -
> usermod -G xgrp xfs
>
> /usr/share/msec/grpuser.sh --clean
> diff -urN msec-0.18/init-sh/lib.sh.usermode msec/init-sh/lib.sh.usermode
> --- msec-0.18/init-sh/lib.sh.usermode Thu Jan 17 11:22:55 2002
> +++ msec/init-sh/lib.sh.usermode Mon Jan 28 15:26:32 2002
> @@ -301,6 +301,29 @@
> }
>
>
> +
> +# Safer way to find libs to be appended to to ld.so.preload (e.g., libsafe)
> +find_lib() {
> + export FE=NULL
> + declare -a spath
> + spath=("/lib/" "/usr/lib/" "/usr/local/lib/")
> + for i in ${spath[@]}
> +do
> + if [[ -f ${i}${1} ]]
> + then
> + export f_lib=${i}${1}
> + export FE=true
> + break
> + else
> + export FE=false
> + break
> + fi
> +done
> +}
> +
> +
> +
> +
> # If we are currently installing our
> # system with DrakX, we don't ask anything to the user...
> # Instead, DrakX does it and gives us a file with some variables.
> @@ -348,7 +371,6 @@
> groupadd -g 33 ntools >& /dev/null
> groupadd -g 34 ctools >& /dev/null
> groupadd -g 81 audio >& /dev/null
> -
> usermod -G xgrp xfs
>
> /usr/share/msec/grpuser.sh --clean
>
> /* End Patch */
--
Florin http://www.mandrakesoft.com