can i modify ls

can i modify ls

[Gautam Pagedar]

Hello Everyboy.
   i am new to this mailing list, so please bear with me if i don't follow
certain rules till i get used to it.  I am a research student and currently
working on a project to tweak the working of 'ls' command depending on my
requirement. I have observed that 'ls' show ALL THE FILES and DIRECTORIES in
a particular location even though a user has no access rights to it. I want
to hide all
such files for that particular user.

The Algorithm i beleive should work like this when an 'ls' command is
called.

1. Check the current directory.
2. Extract the files or directory to be displayed.
3. Check the user permissions for these files.
4. Display only those files wher user had either read, write or execute
access for all owner,group and others.

I have found out that 'ls' uses getdents64() system call for gathering the
directory information. How do i move ahead from here.

Regards,
Gautam Pagedar
Centre for Information and Network Security

Re: can i modify ls

[Erik Mouw]

On Sat, Feb 28, 2004 at 02:33:00AM +0530, Gautam Pagedar wrote:
>    i am new to this mailing list, so please bear with me if i don't follow
> certain rules till i get used to it.  I am a research student and currently
> working on a project to tweak the working of 'ls' command depending on my
> requirement. I have observed that 'ls' show ALL THE FILES and DIRECTORIES in
> a particular location even though a user has no access rights to it. I want
> to hide all
> such files for that particular user.

It already works like you expect it to do:

erik@zurix:/tmp/test >mkdir a b
erik@zurix:/tmp/test >touch a/c
erik@zurix:/tmp/test >ls -lR
.:
total 1
drwxr-xr-x    2 erik     users          72 Feb 24 11:49 a/

./a:
total 0
-rw-r--r--    1 erik     users           0 Feb 24 11:49 c

erik@zurix:/tmp/test >chmod -r a
erik@zurix:/tmp/test >ls -lR
.:
total 1
d-wx--x--x    2 erik     users          72 Feb 24 11:49 a/

ls: ./a: Permission denied
erik@zurix:/tmp/test >chmod -x a
erik@zurix:/tmp/test >cd a
a: Permission denied.



Erik

-- 
+-- Erik Mouw -- www.harddisk-recovery.com -- +31 70 370 12 90 --
| Lab address: Delftechpark 26, 2628 XH, Delft, The Netherlands

Re: can i modify ls

[Alessandro Salvatori]

a directory is a file. it has got its own rights, that are rights 
referred to that particular file. maybe you should not allow people to 
use ls and make them use your own ls_patched but they still could give a 
"echo *" command which would be expanded by bash or other shells... 
so... what could you do with that? are you going to patch any shell you 
give access to?
let me know, it's quite interesting...
cheers
Alessandro Salvatori

Gautam Pagedar wrote:

>Hello Everyboy.
>   i am new to this mailing list, so please bear with me if i don't follow
>certain rules till i get used to it.  I am a research student and currently
>working on a project to tweak the working of 'ls' command depending on my
>requirement. I have observed that 'ls' show ALL THE FILES and DIRECTORIES in
>a particular location even though a user has no access rights to it. I want
>to hide all
>such files for that particular user.
>
>The Algorithm i beleive should work like this when an 'ls' command is
>called.
>
>1. Check the current directory.
>2. Extract the files or directory to be displayed.
>3. Check the user permissions for these files.
>4. Display only those files wher user had either read, write or execute
>access for all owner,group and others.
>
>I have found out that 'ls' uses getdents64() system call for gathering the
>directory information. How do i move ahead from here.
>
>Regards,
>Gautam Pagedar
>Centre for Information and Network Security
>
>
>
>
>
>
>
>
>
>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>Please read the FAQ at  http://www.tux.org/lkml/
>
>
>  
>

Re: can i modify ls

[Tomas Szepe]

On Feb-24 2004, Tue, 15:55 +0000
Alessandro Salvatori <a.salvatori@universitari.crocetta.org> wrote:

> it's quite interesting...

Actually, it's not.

1) The presence/absence of the read permission on a directory determines
	whether the user will be able to list the directory's contents.

2) The fs permission model is enforced by the kernel.  Trying to impose
	additional restrictions in userspace is fragile, futile and
	an incredibly stupid idea.

-- 
Tomas Szepe <szepe@pinerecords.com>

Re: can i modify ls

[Richard B. Johnson]

On Tue, 24 Feb 2004, Tomas Szepe wrote:

> On Feb-24 2004, Tue, 15:55 +0000
> Alessandro Salvatori <a.salvatori@universitari.crocetta.org> wrote:
>
> > it's quite interesting...
>
> Actually, it's not.
>
> 1) The presence/absence of the read permission on a directory determines
> 	whether the user will be able to list the directory's contents.
>
> 2) The fs permission model is enforced by the kernel.  Trying to impose
> 	additional restrictions in userspace is fragile, futile and
> 	an incredibly stupid idea.

If you don't have any programming tools and no access to any (like
a banking or restrictive office environment), and there is no
way to get any external executable files to run, i.e., no floppy
or no shell that could possibly access one, then writing a minimal
'ls' program that allows the clerk to see what's in her directory
might be useful.

So, it just might not be, as you say; "an incredibly stupid idea".

Cheers,
Dick Johnson
Penguin : Linux version 2.4.24 on an i686 machine (797.90 BogoMips).
            Note 96.31% of all statistics are fiction.

Re: can i modify ls

[Tomas Szepe]

On Feb-24 2004, Tue, 11:44 -0500
Richard B. Johnson <root@chaos.analogic.com> wrote:

> On Tue, 24 Feb 2004, Tomas Szepe wrote:
> 
> > On Feb-24 2004, Tue, 15:55 +0000
> > Alessandro Salvatori <a.salvatori@universitari.crocetta.org> wrote:
> >
> > > it's quite interesting...
> >
> > Actually, it's not.
> >
> > 1) The presence/absence of the read permission on a directory determines
> > 	whether the user will be able to list the directory's contents.
> >
> > 2) The fs permission model is enforced by the kernel.  Trying to impose
> > 	additional restrictions in userspace is fragile, futile and
> > 	an incredibly stupid idea.
> 
> If you don't have any programming tools and no access to any (like
> a banking or restrictive office environment), and there is no
> way to get any external executable files to run, i.e., no floppy
> or no shell that could possibly access one, then writing a minimal
> 'ls' program that allows the clerk to see what's in her directory
> might be useful.

So what is it exactly that prevents the admin from running /bin/chmod
in the setup you're describing?

-- 
Tomas Szepe <szepe@pinerecords.com>

Re: can i modify ls

[Richard B. Johnson]

On Tue, 24 Feb 2004, Tomas Szepe wrote:

> On Feb-24 2004, Tue, 11:44 -0500
> Richard B. Johnson <root@chaos.analogic.com> wrote:
>
> > On Tue, 24 Feb 2004, Tomas Szepe wrote:
> >
> > > On Feb-24 2004, Tue, 15:55 +0000
> > > Alessandro Salvatori <a.salvatori@universitari.crocetta.org> wrote:
> > >
> > > > it's quite interesting...
> > >
> > > Actually, it's not.
> > >
> > > 1) The presence/absence of the read permission on a directory determines
> > > 	whether the user will be able to list the directory's contents.
> > >
> > > 2) The fs permission model is enforced by the kernel.  Trying to impose
> > > 	additional restrictions in userspace is fragile, futile and
> > > 	an incredibly stupid idea.
> >
> > If you don't have any programming tools and no access to any (like
> > a banking or restrictive office environment), and there is no
> > way to get any external executable files to run, i.e., no floppy
> > or no shell that could possibly access one, then writing a minimal
> > 'ls' program that allows the clerk to see what's in her directory
> > might be useful.
>
> So what is it exactly that prevents the admin from running /bin/chmod
> in the setup you're describing?

No such program. FYI, there are lots of systems where the root file-system
has a very limited set of tools, sometimes it's on NFS. The machine needs
to be booted with a different root for maintenance. This is even
commonplace for store cash-register, and resturant menu setups
where there is a "server" in the back room that needs to be restarted
in a maintenance mode, been that way since DOS 3.0. A system is
secure if (1) there are no tools available to harm it, and (2) if
the box that contains additional tools is (physically) locked up.

Cheers,
Dick Johnson
Penguin : Linux version 2.4.24 on an i686 machine (797.90 BogoMips).
            Note 96.31% of all statistics are fiction.

Re: can i modify ls

[Denis Vlasenko]

On Tuesday 24 February 2004 20:44, Richard B. Johnson wrote:
> On Tue, 24 Feb 2004, Tomas Szepe wrote:
> > On Feb-24 2004, Tue, 11:44 -0500
> >
> > Richard B. Johnson <root@chaos.analogic.com> wrote:
> > > On Tue, 24 Feb 2004, Tomas Szepe wrote:
> > > > On Feb-24 2004, Tue, 15:55 +0000
> > > >
> > > > Alessandro Salvatori <a.salvatori@universitari.crocetta.org> wrote:
> > > > > it's quite interesting...
> > > >
> > > > Actually, it's not.
> > > >
> > > > 1) The presence/absence of the read permission on a directory
> > > > determines whether the user will be able to list the directory's
> > > > contents.
> > > >
> > > > 2) The fs permission model is enforced by the kernel.  Trying to
> > > > impose additional restrictions in userspace is fragile, futile and an
> > > > incredibly stupid idea.
> > >
> > > If you don't have any programming tools and no access to any (like
> > > a banking or restrictive office environment), and there is no
> > > way to get any external executable files to run, i.e., no floppy
> > > or no shell that could possibly access one, then writing a minimal
> > > 'ls' program that allows the clerk to see what's in her directory
> > > might be useful.
> >
> > So what is it exactly that prevents the admin from running /bin/chmod
> > in the setup you're describing?
>
> No such program. FYI, there are lots of systems where the root file-system
> has a very limited set of tools, sometimes it's on NFS. The machine needs
> to be booted with a different root for maintenance. This is even
> commonplace for store cash-register, and resturant menu setups
> where there is a "server" in the back room that needs to be restarted
> in a maintenance mode, been that way since DOS 3.0. A system is
> secure if (1) there are no tools available to harm it, and (2) if
> the box that contains additional tools is (physically) locked up.

Yes.
But if user has sh, cat and single writable location,
he can just type in any ELF executable, provided (s)he
is clever/mad enough.

That is the exact reason why I abolished [/usr]/sbin
silliness on all my boxen long ago. Copied everything
into corresponding bin/ and chmod'ed a+rx.

I keep symlinks (sbin -> bin) just in case some silly
script expects them to exist.
--
vda

Re: can i modify ls

[Markus Klotzbuecher]

On Friday 27 February 2004 22:03, Gautam Pagedar wrote:

> working on a project to tweak the working of 'ls' command depending on my
> requirement. I have observed that 'ls' show ALL THE FILES and DIRECTORIES
> in a particular location even though a user has no access rights to it. I
> want to hide all
> such files for that particular user.
>
> The Algorithm i beleive should work like this when an 'ls' command is
> called.
>
> 1. Check the current directory.
> 2. Extract the files or directory to be displayed.
> 3. Check the user permissions for these files.
> 4. Display only those files wher user had either read, write or execute
> access for all owner,group and others.
>
> I have found out that 'ls' uses getdents64() system call for gathering the
> directory information. How do i move ahead from here.

You could do it in the kernel, by using a stackable filesystem and tweaking 
the readdir file operation to do what you want. Then you can mount it on top 
of the root filesystem, and all accesses will pass through it, where you hold 
back the files a user shouldn't see.
On www.filesystems.org you can find bare stackable filesystem templates by 
Erez Zadoc, but maybe you could even use the high level Fist language to 
generate such a filesystem.

Just an idea...

Cheers

	Markus

Re: can i modify ls

[James Lamanna]

On Sat, Feb 28, 2004 at 02:33:00AM +0530, Gautam Pagedar wrote:
>> i am new to this mailing list, so please bear with me if i don't follow 
>> certain rules till i get used to it. >> I am a research student and 
>> currently working on a project to tweak the working of 'ls' command 
>> depending on >> my requirement. I have observed that 'ls' show ALL THE 
>> FILES and DIRECTORIES in a particular location even >> though a user 
>> has no access rights to it. I want to hide all
>> such files for that particular user.


> It already works like you expect it to do:

> erik@zurix:/tmp/test >mkdir a b
> erik@zurix:/tmp/test >touch a/c
> erik@zurix:/tmp/test >ls -lR
> .:
> total 1
> drwxr-xr-x 2 erik users 72 Feb 24 11:49 a/ ./a:
> total 0
> -rw-r--r-- 1 erik users 0 Feb 24 11:49 c erik@zurix:/tmp/test >chmod -r a
> erik@zurix:/tmp/test >ls -lR
> .:
> total 1
> d-wx--x--x 2 erik users 72 Feb 24 11:49 a/ ls: ./a: Permission denied
> erik@zurix:/tmp/test >chmod -x a
> erik@zurix:/tmp/test >cd a
> a: Permission denied.

I think the behavior that he is looking for is the old behavior that 
Novell Netware used to exhibit - if you don't have any permissions at all, 
it wouldn't list the directory anywhere (at least in windows-type file 
browsers):

james@agard:~/s$ su
Password:
agard:/home/james/s# touch c
agard:/home/james/s# chmod 600 c
agard:/home/james/s# mkdir b
agard:/home/james/s# mkdir a
agard:/home/james/s# chmod 700 a
agard:/home/james/s# ls -alR
.:
total 16
drwxr-xr-x    4 james    james        4096 Feb 23 15:10 .
drwxr-xr-x   48 james    james        4096 Feb 23 15:09 ..
drwx------    2 root     root         4096 Feb 23 15:10 a
drwxr-xr-x    2 root     root         4096 Feb 23 15:10 b
-rw-------    1 root     root            0 Feb 23 15:09 c

./a:
total 8
drwx------    2 root     root         4096 Feb 23 15:10 .
drwxr-xr-x    4 james    james        4096 Feb 23 15:10 ..

./b:
total 8
drwxr-xr-x    2 root     root         4096 Feb 23 15:10 .
drwxr-xr-x    4 james    james        4096 Feb 23 15:10 ..
agard:/home/james/s# exit
exit


james@agard:~/s$ ls -alR
.:
total 16
drwxr-xr-x    4 james    james        4096 Feb 23 15:10 .
drwxr-xr-x   48 james    james        4096 Feb 23 15:09 ..
drwx------    2 root     root         4096 Feb 23 15:10 a
drwxr-xr-x    2 root     root         4096 Feb 23 15:10 b
-rw-------    1 root     root            0 Feb 23 15:09 c
ls: ./a: Permission denied

./b:
total 8
drwxr-xr-x    2 root     root         4096 Feb 23 15:10 .
drwxr-xr-x    4 james    james        4096 Feb 23 15:10 ..
james@agard:~/s$

So in the user directory listing above, he doesn't want the directory a or 
the file c to be displayed at all (since the user doing the ls has no 
permissions on either).