|
|
Sponsored Content
The Lounge
What is on Your Mind?
The Order of the Wizard's Hat - Lifetime Achievement Award 2019 - Congrats to Scrutinizer
Post 303029198 by RudiC on Wednesday 23rd of January 2019 05:41:07 AM
|
|
8 More Discussions You Might Find Interesting
1. Cybersecurity
Hello everyone!
Could someone tell me where and how can I change the default value for root password lifetime. Now it is 30 days and I want to increase it on 90.
The passwd -x doesn't help because after 90 days it will again go to default value. The OS is Tru64 5.1 and enhanced security is... (1 Reply)
Discussion started by: veccinho
1 Replies
2. What is on Your Mind?
Happy New Year!
There are currently four UNIX.COM achievement awards up for grabs, as the say. Here they are, in no particular order:
The Order of the Raven
The Order of the Hippo
The Order of the Spider
The Order of the Dragon
Don't ask me what they mean, or who who will get those... (0 Replies)
Discussion started by: Neo
0 Replies
3. What is on Your Mind?
Congrats to Corona688 for a much deserved and long overdue lifetime achievement award badge from UNIX.COM in computer wizardry:
"The Order of the Wizard's Hat - Lifetime Achievement Award"
This "Order of the Wizard's Hat" is presented to Corona688 in 2019 for UNIX Wizardry and his continued... (6 Replies)
Discussion started by: Neo
6 Replies
4. What is on Your Mind?
Please join me in congratulations to Wolf Machowitsch (bakunin) for his long overdue lifetime achievement award badge from UNIX.COM in computer wizardry:
"The Order of the Wizard's Hat - Lifetime Achievement Award"
This "Order of the Wizard's Hat" is presented to Wolf Machowitsch (bakunin)... (11 Replies)
Discussion started by: Neo
11 Replies
5. What is on Your Mind?
Congrats to wisecracker for the first lifetime achievement award badge from UNIX.COM in computer wizardry:
"The Order of the Wizard's Hat - Lifetime Achievement Award"
The first "Order of the Wizard's Hat" is presented to wisecracker in 2019 for RF Electronics Engineering and Computer... (6 Replies)
Discussion started by: Neo
6 Replies
6. What is on Your Mind?
Please join me in congratulating RudiC for his long overdue lifetime achievement award badge from UNIX.COM in computer wizardry:
"The Order of the Wizard's Hat - Lifetime Achievement Award"
This "Order of the Wizard's Hat" is presented to RudiC for Computer Wizardry in the UNIX Operating... (10 Replies)
Discussion started by: Neo
10 Replies
7. What is on Your Mind?
Dear All,
I am pleased to post that I am announcing a new award, "Poster of the Year 2019" and calling for your nominations (privately to me).
This is a new award and I plan to announce the winner for this year (2019) in January 2020. The prizes will be (still working out the details):
... (0 Replies)
Discussion started by: Neo
0 Replies
8. What is on Your Mind?
Dear All,
We are happy to post that I will be announcing soon my award for "Moderator of the Year 2019". This is a new award which I plan to announce in December of each year, starting this year (2019). The prizes will be (still working out the details):
A Moderator of the Year... (3 Replies)
Discussion started by: Neo
3 Replies
LEARN ABOUT SUSE
aa_change_hat
AA_CHANGE_HAT(2) AppArmor AA_CHANGE_HAT(2) NAME
aa_change_hat - change to or from a "hat" within a AppArmor profile SYNOPSIS
#include <sys/apparmor.h> int aa_change_hat (char *subprofile, unsigned long magic_token); Link with -lapparmor when compiling. DESCRIPTION
An AppArmor profile applies to an executable program; if a portion of the program needs different access permissions than other portions, the program can "change hats" to a different role, also known as a subprofile. To change into a new hat, it calls the aa_change_hat() function to do so. It passes in a pointer to the subprofile which it wants to change into, and a 64bit magic_token. The magic_token is used to return out of the subprofile at a later time. If a program wants to return out of the current subprofile to the original profile, it calls aa_change_hat() with a pointer to NULL as the subprofile, and the original magic_token value. If the magic_token does not match the original magic_token passed into the kernel when the program entered the subprofile, the change back to the original profile will not happen, and the current task will be killed. If the magic_token matches the original token, then the process will change back to the original profile. If the program wants to change to a subprofile that it can never change back out of, the application should call aa_change_hat() with a magic_token of 0. As both read(2) and write(2) are mediated, a file must be listed in a subprofile definition if the file is to be accessed while the process is in a "hat". RETURN VALUE
On success zero is returned. On error, -1 is returned, and errno(3) is set appropriately. ERRORS
EINVAL The apparmor kernel module is not loaded or the communication via the /proc/*/attr/current file did not conform to protocol. ENOMEM Insufficient kernel memory was available. EPERM The calling application is not confined by apparmor. ECHILD The application's profile has no hats defined for it. EACCES The specified subprofile does not exist in this profile or the process tried to change another process's domain. EXAMPLE
The following code examples shows simple, if contrived, uses of aa_change_hat(); a typical use of aa_change_hat() will separate privileged portions of a process from unprivileged portions of a process, such as keeping unauthenticated network traffic handling separate from authenticated network traffic handling in OpenSSH or executing user-supplied CGI scripts in apache. The use of random(3) is simply illustrative. Use of /dev/urandom is recommended. First, a simple high-level overview of aa_change_hat() use: void foo (void) { unsigned long magic_token; /* get a random magic token value from our huge entropy pool */ magic_token = random_function(); /* change into the subprofile while * we do stuff we don't trust */ aa_change_hat("stuff_we_dont_trust", magic_token); /* Go do stuff we don't trust -- this is all * done in *this* process space, no separate * fork()/exec()'s are done. */ interpret_perl_stuff(stuff_from_user); /* now change back to our original profile */ aa_change_hat(NULL, magic_token); } Second, an example to show that files not listed in a subprofile ("hat") aren't accessible after an aa_change_hat() call: #include <stdlib.h> #include <string.h> #include <sys/apparmor.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <stdio.h> #include <unistd.h> int main(int argc, char *argv[]) { int fd; unsigned long tok; char buf[10]; /* random() is a poor choice */ tok = random(); /* open /etc/passwd outside of any hat */ if ((fd=open("/etc/passwd", O_RDONLY)) < 0) perror("Failure opening /etc/passwd"); /* confirm for ourselves that we can really read /etc/passwd */ memset(&buf, 0, 10); if (read(fd, &buf, 10) == -1) { perror("Failure reading /etc/passwd pre-hat"); _exit(1); } buf[9] = '�'; printf("/etc/passwd: %s ", buf); /* change hat to the "hat" subprofile, which should not have * read access to /etc/passwd -- even though we have a valid * file descriptor at the time of the aa_change_hat() call. */ if (aa_change_hat("hat", tok)) { perror("Failure changing hat -- aborting"); _exit(1); } /* confirm that we cannot read /etc/passwd */ lseek(fd,0,SEEK_SET); memset(&buf, 0, 10); if (read(fd, &buf, 10) == -1) perror("Failure reading /etc/passwd post-hat"); buf[9] = '�'; printf("/etc/passwd: %s ", buf); return 0; } This code example requires the following profile to be loaded with apparmor_parser(8): /tmp/ch { /etc/ld.so.cache mr, /etc/locale/** r, /etc/localtime r, /usr/share/locale/** r, /usr/share/zoneinfo/** r, /usr/lib/locale/** mr, /usr/lib/gconv/*.so mr, /usr/lib/gconv/gconv-modules* mr, /lib/ld-*.so* mrix, /lib/libc*.so* mr, /lib/libapparmor*.so* mr, /dev/pts/* rw, /tmp/ch mr, /etc/passwd r, ^hat { /dev/pts/* rw, } } The output when run: $ /tmp/ch /etc/passwd: root:x:0: Failure reading /etc/passwd post-hat: Permission denied /etc/passwd: $ BUGS
None known. If you find any, please report them to bugzilla at <http://bugzilla.novell.com>. Note that aa_change_hat(2) provides no memory barriers between different areas of a program; if address space separation is required, then separate processes should be used. SEE ALSO
apparmor(7), apparmor.d(5), apparmor_parser(8), and <http://forge.novell.com/modules/xfmod/project/?apparmor>. NOVELL
/SUSE 2007-07-27 AA_CHANGE_HAT(2)