sked for root's password in single mode.
Hmm, if I got physical access to machine and ttyvX are in "insecure" mode
and I know root's password I can just reboot machine and log in as root.
So if "insecure" mode is a security feature, shouldn't this be in that
way
On Tue, Dec 24, 2002 at 08:35:55AM +0100, Pawel Jakub Dawidek wrote:
+> Hello hackers...
+>
+> I've written a file system that operates on the sysctl tree.
+> Most of the work is done, but some cosmetic changes are needed.
+> If somebody thinks that this can be useful...
+>
+>
Hello hackers...
I've written a file system that operates on the sysctl tree.
Most of the work is done, but some cosmetic changes are needed.
If somebody thinks that this can be useful...
http://garage.freebsd.pl/sysctlfs.README
http://garage.freebsd.pl/sysctlfs.tbz
--
Pawel Jakub Da
I may catch even _all_ system calls, so making separate functions
for every syscall isn't a good idea (if I understand You well).
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
return (tmp(p, uap));
}
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
On Fri, Dec 20, 2002 at 07:43:37PM +0100, Pawel Jakub Dawidek wrote:
+> Simple example (from kld module):
+>
+> sysent[SYS_chmod].sy_call = myfunction;
+> sysent[SYS_open].sy_call = myfunction;
+> sysent[SYS_execve].sy_call = myfunction;
+>
+> int
+> myfunction(register
and I don't catch it).
So is there some different way to get syscall number (in -STABLE
or in -CURRENT)? Anyone?
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
ay if You
have not-jailed users. So this isn't a complete solution.
But if there are no free ptys, I log in via:
% ssh -vC /bin/sh
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
here (line 571 in /sys/kern/vfs_cache.c):
if (vp->v_dd->v_id != vp->v_ddid) {
numcwdfail1++;
free(buf, M_TEMP);
return (ENOTDIR);
}
If "dir3" is for example NFS mount-point t
ith jail-things.
I'm wrong?
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
l stable?
I'm using mount_null(8) for my jails for a long time and everything
works fine.
milla:root:~# mount | grep null | wc -l
22
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
ere I could find some more information about it?
For now I've wrote only comments in /sys/sys/lock.h, etc.
Are there any papers about programming in SMP?
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
th, etc., has been resolved?
+>
+> This is useful if one wants to monitor a process and all the system calls it makes
+and then disallow a few of them if suspicious.
Take a look at:
http://cerber.sourceforge.net
If You want to monitor only execve(), then rexec project should be
On Wed, Oct 02, 2002 at 12:45:36PM +0200, Oliver Fromme wrote:
+> Pawel Jakub Dawidek <[EMAIL PROTECTED]> wrote:
+> > With this kernel module for FreeBSD 4.x process in jail can see only
+> > file systems that are mounted in jail's chroot directory.
+> >
+>
if (vp->v_dd->v_id != vp->v_ddid) {
numcwdfail1++;
free(buf, M_TEMP);
return (ENOTDIR);
}
If "dir3" is for example NFS mount-point there are no problems.
Any ideas?
--
Pawel Jakub
ot directory is mounted on.
Statfs(2) and fstatfs(2) also return cut paths.
Why this isn't a part of jail(2) implementation?
Maybe I'm missing something?
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
e crcopy() and setting P_SUGID.
*/
If "anything" really means "anything".
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
number is stored)
for i386, alpha, ia64, sparc64 and powerpc in -CURRENT?
Thanks.
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
r and/or group of the file.
*/
}
And:
leila:root:~# egrep "#define.*VNOVAL" /sys/sys/vnode.h
/sys/sys/vnode.h:#define VNOVAL (-1)
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
On Wed, Aug 28, 2002 at 08:30:18PM +0200, Pawel Jakub Dawidek wrote:
+> On Wed, Aug 28, 2002 at 05:03:23AM -0700, Terry Lambert wrote:
+> +> -- Terry
+>
+> Thanks to Your help I've found maybe better way to do this.
[...]
+> But this should works, I'm testing it at th
complicated, because if I will change address of this
function, it changes for every descriptor on this file system.
So I need to cache the original addresses of fo_close() functions, etc.
But this should work, I'm testing it at the moment.
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://gara
ode to add a null_name pointer:
[...]
Yes, but I don't want to patch kernel at all.
Everything should be in one kld module and should work for all file
systems (ufs/ffs, fat32, procfs, etc.). File system shouldn't be
important.
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://
(nice) way.
+> Personally, I've used this technique myself, for the purposes
+> of code instrumentation for profiling on an OD for which I
+> lacked source code, but I would *never* consider exporting
+> this as a general API.
So when all kernel functions addresses will be in
of archs supported by FreeBSD.
So if You know how to port them, feel free to send me Your version:)
Thanks!
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
Hello there...
When will jailNG be committed?
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
't
+> chain a 'dummy' machine off of a work machine with ethernet and serial
+> debugging :) Just looking for ideas and maybe good urls or docs
+>
I got FreeBSD 4.6 STABLE in vmware2 on FreeBSD 4.6 STABLE and it is great.
I got lots of panics every day and this is really supe
wd_parser will be broken, then users can't run
it directly so I think if he wants to use it, it should be security hole
in passwd/chpass too.
I know that passwd/chpass are safe (no security holes for long time or
never), but what do You think about this solution?
--
Pawel Jakub Dawidek
UNIX
On Fri, Jul 12, 2002 at 01:36:22PM -0700, Julian Elischer wrote:
+> did you get answers to this?
+>
Here You got example how to use SLIST_* macros, sysctls, etc.:
http://garage.freebsd.pl/slist.tgz
more examples on http://garage.freebsd.pl
--
Pawel Jakub Dawidek
UNIX Systems Administrato
.securelevel' > 0 ?
+>
Yes, it does. I'm using uchg, not schg flags.
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
On Thu, Jul 11, 2002 at 01:03:56PM +0200, Pawel Jakub Dawidek wrote:
http://garage.freebsd.pl/crontab.diff
http://garage.freebsd.pl/crontab.README.eng
There You got updated patch, added chroot() to /var/cron as soon as possible
and fixed note about permissions, for users files should be
I forgot that there should always be an empty file "root" in /var/cron/tabs
and files of all users if we don't want to give an attacker their rights.
But I think the best way is to change cron(8) so that it checks the
file owner.
--
Pawel Jakub Dawidek
UNIX Systems Adm
(chflags(n, UF_IMMUTABLE) < OK)
+ {
+ warn("chflags");
+ unlink(n);
+ return (-2);
+ }
+
log_it(RealUser, Pid, "REPLACE", User);
poke_daemon();
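Review bot: the failure branch after chflags(n, UF_IMMUTABLE) ignores the return value of unlink(n), so if that unlink also fails the new tab file stays in place without the flag and the caller only sees -2; check it and warn() there as well. The bare -2 would read better as a named constant or with a comment saying what the caller does with it. Since UF_IMMUTABLE is a user-level flag that the file's owner can clear, a comment stating which uid is expected to own n at this point would make the intent easier to review.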
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
On Thu, Jun 20, 2002 at 11:13:02PM +0200, Pawel Jakub Dawidek wrote:
+> What You think about something like that:
+> [17:33:39] [ttyv8] [61] leila:root:/sys/miscfs/procfs# diff procfs_subr.c.orig
+procfs_subr.c
[...]
+> This gives us new sysctl (vfs.procfs.umask) and with this we ca
What do You think about something like that:
[17:33:39] [ttyv8] [61] leila:root:/sys/miscfs/procfs# diff procfs_subr.c.orig
procfs_subr.c
42a43
> #include
80a82,119
>
> SYSCTL_NODE(_vfs, OID_AUTO, procfs, CTLFLAG_RW, 0, "vfs-procfs-level");
>
> int procfsumask = 077;
>
> static int
> sysctl_vfs_
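Review bot: procfsumask in the 80a82,119 hunk is declared with external linkage and a bare 077 default; unless another file needs it, make it static and add a comment saying which procfs nodes the mask applies to. The SYSCTL_NODE description "vfs-procfs-level" also does not tell an administrator what the node holds, and since it is created CTLFLAG_RW a short description of the permitted values would help.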
his, because in cerb (http://cerber.sourceforge.net) I need
to have function that will give me filename from file descriptor and pid.
Any ideas? I don't want to patch kernel directly.
--
Pawel Jakub Dawidek
Network Administrator.
Am I Evil? Yes, I Am.
201 - 235 of 235 matches