Sun security problem with floppies.

John F Haugh II jfh at rpp386.cactus.org
Mon Jun 3 05:34:12 AEST 1991


In article <1991Jun2.014516.29451 at nntp.hut.fi> jkp at cs.HUT.FI (Jyrki Kuoppala) writes:
>I'd suppose that floppies on a Sun are used mostly to transfer data to
>some other kinds of computers, writing some personal files with tar,
>using MS-LOSS tools or something like that, not mounting them.  Making
>the floppy device unreadable would make it useless for this purpose.
>
>Suggested fix: don't mount the floppy in the first place.

Better Suggested Fix:

Write a little utility which will change the ownership of the floppy
disk device from some standard UID (one that you make up solely to own
the device) to the real UID of the invoker.  Something like this -
--
#if	0
# Build the binary.  Only HAVE_FUSER is defined on this line; the header
# comment in checkinout.c says to add -DHAVE_FCHOWN where fchown() exists.
cc -o checkin -DHAVE_FUSER checkinout.c
# Create the (initially empty) list of sharable devices read as SHARE_FILES.
touch /etc/checkinout
cp checkin /usr/local/bin
# One binary, two names: the program picks its mode from argv[0].
ln /usr/local/bin/checkin /usr/local/bin/checkout
chown root /usr/local/bin/checkin
# Keep the device list readable by its owner only.
chmod 400 /etc/checkinout
# Set-uid, execute-only for everyone but the owner.
chmod 4711 /usr/local/bin/checkin
# Stop sh here; everything after the matching #endif is C source.
exit 0
#endif

/*
 * checkinout.c - manage a sharable device
 *
 *	You must define the HAVE_FCHOWN macro on the compile command
 *	line if you have the fchown() system call.  (The build line
 *	at the top of this file defines only HAVE_FUSER; add
 *	-DHAVE_FCHOWN to it yourself.)
 *	Otherwise don't bother using this thing because it can let
 *	anyone change the ownership of any file (more or less ...):
 *	without fchown() the ownership check and the change are both
 *	made by path name rather than on one opened file.
 *	It is only safe without HAVE_FCHOWN if you have no writable
 *	directories on the root partition (which should be the only
 *	place with files owned by UNUSED_NAME) and if your system
 *	does not have symbolic links.
 *
 *	You should define the HAVE_FUSER macro if you have the fuser
 *	command.  It will be used to clean the device before giving
 *	it to you.
 *
 *	To compile and install this source code, feed it to /bin/sh
 *	as root.
 */

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Login name of the placeholder account that owns a sharable device
 * while nobody has it checked out; main() resolves it with getpwnam().
 */
#define	UNUSED_NAME	"share"
/*
 * Allowlist of sharable devices, one path per line.  main() only acts
 * on argv[1] when it equals one of these lines exactly.
 */
#define	SHARE_FILES	"/etc/checkinout"

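/*
 * usage - print the command synopsis on stderr and exit with status 1.
 *
 * Never returns.  Declared void (the original relied on implicit int
 * and returned no value) and static, since nothing outside this file
 * calls it.
 */
static void
usage (void)
{
	fputs ("usage:\tcheckin <device>\n\tcheckout <device>\n", stderr);
	exit (1);
}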

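#ifdef	HAVE_FUSER
/*
 * Search path handed to the fuser child.  Only root-owned system
 * directories belong here; override on the compile line if fuser
 * lives elsewhere on your system.
 */
#ifndef	FUSER_ENV_PATH
#define	FUSER_ENV_PATH	"PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc"
#endif

extern	char	**environ;

/*
 * kill_device_users - run "fuser -k <device>" with stdout appended to
 * /dev/null, without going through a shell.
 *
 * This program is installed set-uid root, so the invoker's environment
 * (PATH, IFS, ...) must not influence what gets executed.  The child
 * therefore replaces its environment with a fixed one and execs fuser
 * directly with an explicit argument vector; this also removes the
 * fixed-size command buffer the sprintf()/system() pair needed.
 * Failure is ignored, as the result of system() was before.
 */
static void
kill_device_users (const char *device)
{
	static	char	*clean_env[] = { FUSER_ENV_PATH, (char *) 0 };
	pid_t	child;
	int	status;
	int	null_fd;

	if ((child = fork ()) < 0)
		return;

	if (child == 0) {
		/* same effect as the shell's ">> /dev/null" */
		if ((null_fd = open ("/dev/null", O_WRONLY|O_APPEND)) < 0)
			_exit (127);
		if (null_fd != 1) {
			(void) dup2 (null_fd, 1);
			(void) close (null_fd);
		}
		environ = clean_env;
		execlp ("fuser", "fuser", "-k", device, (char *) 0);
		_exit (127);
	}
	(void) waitpid (child, &status, 0);
}
#endif

/*
 * main - hand a sharable device to the invoker, or take it back.
 *
 * The mode comes from the name the program was run under:
 *	checkout <device>  the device must be owned by UNUSED_NAME and
 *			   becomes owned by the real uid of the invoker;
 *	checkin <device>   the device must be owned by the invoker and
 *			   goes back to UNUSED_NAME.
 * A real uid of 0 skips both ownership checks.  <device> must equal a
 * line of SHARE_FILES exactly.  In both directions the mode of the
 * device is set to 0 after the ownership change.
 *
 * Exits 0 on success, 1 on any error (message on stderr).
 */
int
main (int argc, char **argv)
{
	struct	passwd	*pwd;
	struct	stat	sb;
	enum	{ in, out } in_out;
	uid_t	new_owner;
	char	*cp;
	char	*Prog;
	char	buf[BUFSIZ];
	FILE	*valid;
	int	found = 0;
	int	line_start = 1;
	int	at_start;
#ifdef	HAVE_FCHOWN
	int	fd;
#endif

	if (argc != 2)
		usage ();

	/*
	 * Take the basename of argv[0].  This has to look for the LAST
	 * slash: with the first one, "/usr/local/bin/checkin" yields
	 * "usr/local/bin/checkin" and the installed program only ever
	 * prints its usage message.
	 */
	if ((Prog = strrchr (argv[0], '/')))
		Prog++;
	else
		Prog = argv[0];

	if (strcmp ("checkin", Prog) == 0)
		in_out = in;
	else if (strcmp ("checkout", Prog) == 0)
		in_out = out;
	else {
		usage ();
		return 1;	/* not reached: usage() exits */
	}

	if (! (valid = fopen (SHARE_FILES, "r"))) {
		fprintf (stderr,
			"no list of shared devices in %s\n", SHARE_FILES);
		exit (1);
	}

	/*
	 * Look argv[1] up in the allowlist.  A match is recorded in an
	 * explicit flag: testing feof() afterwards treated a read error
	 * as a match and rejected a matching last line that had no
	 * trailing newline.  Only complete lines are compared, so a
	 * fragment of a line longer than the buffer can never match.
	 */
	while (fgets (buf, sizeof buf, valid)) {
		at_start = line_start;
		cp = strchr (buf, '\n');
		line_start = (cp != 0);
		if (cp)
			*cp = '\0';

		if (at_start && (cp || feof (valid))
				&& strcmp (argv[1], buf) == 0) {
			found = 1;
			break;
		}
	}
	(void) fclose (valid);

	if (! found) {
		fprintf (stderr, "unknown device: %s\n", argv[1]);
		exit (1);
	}
	if ((pwd = getpwnam (UNUSED_NAME)) == 0) {
		fprintf (stderr, "no sharable device owner\n");
		exit (1);
	}
	new_owner = in_out == in ? pwd->pw_uid : getuid ();

#ifdef	HAVE_FCHOWN
	/*
	 * Open once and do every check and change on the descriptor, so
	 * all of them apply to the same file whatever happens to the
	 * path name in the meantime.
	 */
	if ((fd = open (argv[1], O_RDONLY|O_NDELAY)) < 0) {
		perror (argv[1]);
		exit (1);
	}
	if (fstat (fd, &sb)) {
		perror (argv[1]);
		exit (1);
	}
#else
	/*
	 * NOTE(review): path-based fallback.  stat() here and chown()/
	 * chmod() below each resolve argv[1] again; see the conditions
	 * in the file header before building without HAVE_FCHOWN.
	 */
	if (stat (argv[1], &sb)) {
		perror (argv[1]);
		exit (1);
	}
#endif
	if (in_out == in && sb.st_uid != getuid () && getuid () != 0) {
		fprintf (stderr, "device not owned by invoker\n");
		exit (1);
	}
	if (in_out == out && sb.st_uid != pwd->pw_uid && getuid () != 0) {
		fprintf (stderr, "device not owned by %s\n", UNUSED_NAME);
		exit (1);
	}
#ifdef	HAVE_FCHOWN
	if (fchown (fd, new_owner, sb.st_gid)) {
		perror (argv[1]);
		exit (1);
	}
	/*
	 * Clear the mode, as the path-based branch does with chmod().
	 * The original called fchown (fd, 0) here, which has the wrong
	 * argument count and would not have changed the mode.
	 */
	if (fchmod (fd, 0)) {
		perror (argv[1]);
		exit (1);
	}
	close (fd);
#else
	if (chown (argv[1], new_owner, sb.st_gid)) {
		perror (argv[1]);
		exit (1);
	}
	if (chmod (argv[1], 0)) {
		perror (argv[1]);
		exit (1);
	}
#endif
#ifdef	HAVE_FUSER
	/* kill whatever still has the device open under the old owner */
	kill_device_users (argv[1]);
#endif
	exit (0);
}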
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) |  Domain: jfh at rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
 rest of the Constitution, gun ownership would be mandatory."


